Proposal of a secure network interface for protecting IO communication in many-cores = Proposta de uma interface de rede segura para proteção de comunicação de E/S em many-cores

Bibliographic Details
Main Author: Rodrigues, Gustavo Comarú
Publication Date: 2022
Format: Bachelor thesis
Language: eng
Source: Repositório Institucional PUCRS
Download full: https://hdl.handle.net/10923/26395
Summary: Many-cores are platforms designed to provide high performance through parallelism, meeting the current demand of embedded devices with power consumption and communication constraints. A many-core contains PEs (Processing Elements) interconnected by complex communication infrastructures, such as NoCs (Networks-on-Chip). Network Interfaces (NIs) connect PEs to the routers of the NoC. As the adoption and complexity of many-cores increase, data protection appears as a design requirement. These systems handle sensitive information, so it is necessary to protect this data from unauthorized access. The literature presents security techniques such as cryptography, authentication codes, error correction codes, and the creation of a communication flow profile to detect anomalous behavior. These defense mechanisms seek to protect the many-core from a given attack; proposals that protect the system against the plethora of possible threats are lacking. The Opaque Secure Zone (OSZ) is a defense mechanism executed at runtime that focuses on finding a rectilinear region with free PEs to map an application with security constraints. The OSZ prevents attacks from outside sources, such as Denial-of-Service (DoS), timing attacks, spoofing, and man-in-the-middle. Even though the method is robust against external attacks, it still presents vulnerabilities when the application running in the OSZ needs to communicate with external peripherals. This work complements the OSZ security mechanism by proposing a Secure Network Interface (SNI) to protect the communication between applications and IO devices. By enforcing a master-slave communication model and implementing a lightweight authentication protocol, the SNI protects the system from spoofing and flooding attacks involving the peripheral.
id PUCR_85f4b2ad9a31db6b7bd6f49f82551a38
oai_identifier_str oai:meriva.pucrs.br:10923/26395
network_acronym_str PUCR
network_name_str Repositório Institucional PUCRS
repository_id_str 2753
Institution: Pontifícia Universidade Católica do Rio Grande do Sul, Escola Politécnica, Porto Alegre
Level and program: Graduação (undergraduate), 2022/2, Engenharia de Computação (Computer Engineering)
Archive record: submitted and approved for entry into the archive by Ferdinando Lopes Avila on 2024-07-26; 1 bitstream, 2022_2_GUSTAVO_COMARU_RODRIGUES_TCC.pdf (3463241 bytes)
dc.contributor.other.none.fl_str_mv Faccenda, Rafael Follmann
dc.contributor.author.fl_str_mv Rodrigues, Gustavo Comarú
dc.contributor.advisor1.fl_str_mv Moraes, Fernando Gehm
contributor_str_mv Moraes, Fernando Gehm
dc.subject.por.fl_str_mv SISTEMAS MULTI-NÚCLEOS BASEADOS EM REDES INTRA-CHIP
SEGURANÇA
OSZ (ZONAS SEGURAS OPACAS)
COMUNICAÇÃO SEGURA
PERIFÉRICOS
dc.subject.eng.fl_str_mv NOC-BASED MANY-CORES, SECURITY
OSZ (OPAQUE SECURE ZONES)
SECURE COMMUNICATION
NI (NETWORK INTERFACE)
PERIPHERALS
dc.date.accessioned.fl_str_mv 2024-07-26T13:41:18Z
dc.date.available.fl_str_mv 2024-07-26T13:41:18Z
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/bachelorThesis
format bachelorThesis
status_str publishedVersion
dc.identifier.uri.fl_str_mv https://hdl.handle.net/10923/26395
url https://hdl.handle.net/10923/26395
dc.language.iso.fl_str_mv eng
language eng
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.source.none.fl_str_mv reponame:Repositório Institucional PUCRS
instname:Pontifícia Universidade Católica do Rio Grande do Sul (PUCRS)
instacron:PUC_RS
instname_str Pontifícia Universidade Católica do Rio Grande do Sul (PUCRS)
instacron_str PUC_RS
institution PUC_RS
reponame_str Repositório Institucional PUCRS
collection Repositório Institucional PUCRS
bitstream.url.fl_str_mv http://meriva.pucrs.br:8080/jspui/bitstream/10923/26395/2/license.txt
http://meriva.pucrs.br:8080/jspui/bitstream/10923/26395/1/2022_2_GUSTAVO_COMARU_RODRIGUES_TCC.pdf
bitstream.checksum.fl_str_mv 81783f9e885efe482a10e41c7f560408
1558f4e9bdb0a32bc523709ab0061fa5
bitstream.checksumAlgorithm.fl_str_mv MD5
MD5
repository.name.fl_str_mv Repositório Institucional PUCRS - Pontifícia Universidade Católica do Rio Grande do Sul (PUCRS)