Secure Reconfigurable Computing
September 10, 1999
Dr. David W. Jensen
Rockwell Collins, Inc.
400 Collins Road NE
Cedar Rapids, IA 52498-3161
319-295-9676
dwjensen@collins.rockwell.com
Jensen
Introduction
• Three technologies are important to meet the Adaptive Computing System (ACS) requirements of future avionics, security, and defense applications:
  • rapid dynamic reconfiguration,
  • multiple user support, and
  • secure application separation.
• Addressing one technology in isolation may preclude the incorporation of one of the two other technologies.
• Some ACS architectures will be difficult to make secure.
• Some ACS architectures may be fast but cannot efficiently support multiple users.
Architecture
• We present a reconfigurable computing architecture that is explicitly secure for multiple user environments and supports varying degrees of criticality and privilege.
• At the core of our secure reconfigurable architecture is a real-time Multiple Virtual Machine (MVM) model in a direct execution JVM microprocessor.
• Our architecture provides hardware-enforced guarantees of resource separation.
• We have extended this separation to support reconfigurable logic devices.
• Defense and commercial research is increasing the performance of reconfigurable logic devices.
• We intend to focus on multiple user and secure separation issues.
Brickwall Partitioning / Separation
[Figure: partitioned applications (user interface software, Lisp prognostic software with a Lisp interpreter in C, a classified encryption algorithm, a flight management system, and a rule-based system model such as "if ok-rtu-t then rtu-t=1") hosted on Ada, C/C++, Ada tasking and Java run-time environments, all separated by the hardware Partition Management Unit, the executive and the microprocessor hardware.]
• Rockwell has developed a Partition Management Unit as an integral part of the JEM microprocessor.
• This hardware memory and partition management unit ensures separation of applications.
• The separation required by the FAA for safety critical applications is analogous to the separation required by NSA for multiple level security.
Secure Reconfigurable Computing
[Figure: security kernel, system memory, ROM configurations, configurable hardware logic and memory mapped peripherals, all reached through the hardware PMU of the JEM 2; the PMU enforces both security and safety.]
• The hardware partition management unit (PMU) of the JEM chip offers a solution to both safety critical partitioning and security partitioning.
• The PMU can enforce a security policy and ensure all memory accesses are secure. We memory map all accesses to the configurable logic. As such, reconfigurable computing becomes explicitly safe and secure.
JEM 2: An Architectural Extension
[Figure: system memory, ROM configurations and memory mapped peripherals attached to the Partition Management Unit (PMU) of the JEM 2; the new extension is a Reconfigurable Computing Element (RCE) reached through the same PMU with three operations: Read, Write and Configure.]
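To make the separation argument concrete, here is an added Python model (not Rockwell's design or code) of a PMU that mediates memory-mapped Read, Write and Configure accesses to an RCE and that only a privileged partition may program. The address map, partition names and method names are all constructed for the example.

```python
from enum import Flag

class Access(Flag):            # the three operations on the RCE in the figure
    READ, WRITE, CONFIGURE = 1, 2, 4

class Partition:
    def __init__(self, name, privileged):
        self.name, self.privileged = name, privileged   # privileged: may program the PMU
        self.grants = {}                                # region name -> Access

class PMU:
    """Constructed model of the partition management unit: every memory access
    is checked against the running partition's grants, and the grant tables
    themselves can be changed only by a privileged partition."""
    def __init__(self, regions):
        self.regions = regions          # name -> (base, size) of memory-mapped devices
        self.current, self.violations = None, []
    def switch(self, partition):
        self.current = partition
    def program(self, caller, target, region, access):
        if not caller.privileged:       # the question raised on the verification slide
            self.violations.append((caller.name, "program PMU"))
            return False
        target.grants[region] = target.grants.get(region, Access(0)) | access
        return True
    def check(self, addr, access):
        part = self.current
        for name, (base, size) in self.regions.items():
            if base <= addr < base + size:
                if access in part.grants.get(name, Access(0)):
                    return True
                break                   # mapped, but not granted to this partition
        self.violations.append((part.name, hex(addr), access.name))
        return False

def demo():
    pmu = PMU({"RCE": (0xF0000000, 0x1000)})      # constructed address map
    kernel = Partition("security kernel", privileged=True)
    user = Partition("user application", privileged=False)
    pmu.program(kernel, kernel, "RCE", Access.READ | Access.WRITE | Access.CONFIGURE)
    pmu.program(kernel, user, "RCE", Access.READ | Access.WRITE)
    pmu.switch(user)
    data_ok = pmu.check(0xF0000010, Access.WRITE)         # user may use the RCE
    cfg_ok = pmu.check(0xF0000000, Access.CONFIGURE)      # but not reconfigure it
    escalate = pmu.program(user, user, "RCE", Access.CONFIGURE)  # nor grant itself more
    return data_ok, cfg_ok, escalate, pmu.violations
```

Every denied access is recorded in `violations`, which is the audit trail a security kernel would consume.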
Proof of Correctness
Formal Verification
• Implementations of architectures can be verified to be safe and secure.
• Published verification techniques can be applied to modern safety-critical and security-critical development environments:
  • Rockwell Collins (AAMP5, AAMP-FV)
  • Stanford Research Institute (Gold Standard Paper)
  • Ongoing NASA & DARPA research in processor and system verification
• We intend to apply these techniques to verify formally that our ACS architecture enforces separation.
Automated Verification
[Figure: a common ACS model feeds both a simulator and a system analyzer. Example simulator question: "What is the value of register 5 after running the system 10 cycles starting in this state?" Example analyzer question: "Can the user execute a privileged instruction that programs the PMU?"]
We build a single model of the system to use for simulation and system analysis.
• Efficient execution (near compiled C speed)
• Tool for system developer
• Easily validate new extensions
• Push-button verification of requirements
• Validate system wide characteristics
• Common model used with simulator
Additional Benefits
Open System Standards
• An architecture should be developed with open system standards to exploit future technological advances.
• For that reason, we employ Java™ as a cornerstone of our design. In our vision, the same Java™ class files can be used on a computer system with or without reconfigurable computing capabilities.
• We use the Java™ software method invocation interface to execute hardware algorithms on the reconfigurable computing elements.
Platform Independence
[Figure: identical class files (compiled from Java, C/C++ or Ada) deliver JVM bytecodes to personal computers, workstations, embedded systems (JEM™) and reconfigurable systems; only the reconfigurable systems draw on a library of hardware methods.]
Identified methods in standard JVM class files cause dynamic loading of hardware methods. Because these methods also exist in software, this feature does not affect execution on normal development environments. This solution provides a platform independent development and execution environment for reconfigurable computing.
Current Status
Hardware Methods

    /** public class dotproduct **/
    public class dotproduct {
        // Dot product of the first n elements of a and b (n <= a.length, b.length).
        public static long dproduct(int n, long[] a, long[] b) {
            long c = 0;
            for (int i = 0; i < n; i++) {
                c += a[i] * b[i];
            }
            return c;
        }
    }

Goal: automated software to VHDL conversion
Dot Product Simulation Results
• Created, documented, and used a manual Java to VHDL process
• Executed VHDL on the Altera MaxPlusII tool
• Reconfigurable Hardware Method
  • Timing Control Component (conceptually reusable)
  • Memory Control Component (reusable)
  • Dot Product Component
• Results
  • Dot product of two vectors, where n is the number of elements in each vector.
  • Java code on the JEM would take 79+424n clock cycles to execute.
  • The hardware version, however, takes 13+6n clock cycles.
  • Speed improvement of 70X!
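The following Python model, added here and not part of the original slides, ties the Platform Independence and Hardware Methods slides together: the same call dispatches to a simulated RCE on a platform that has one and to the class file's own software method elsewhere, producing identical results. The 79+424n and 13+6n cycle figures are the slide's; the library interface, the signature key and the cycle-counting RCE are assumptions.

```python
def dproduct_software(a, b):
    """Straight port of the slide's Java dproduct(n, a, b); n is len(a)."""
    c = 0
    for x, y in zip(a, b):
        c += x * y
    return c

def jem_software_cycles(n):
    return 79 + 424 * n             # slide figure for the Java loop on the JEM

class SimulatedRCE:
    """Dot Product Component driven by the timing and memory control components:
    a fixed setup cost, then a fixed cost per multiply-accumulate step, so the
    simulated count reproduces the 13+6n quoted on the results slide."""
    SETUP_CYCLES, STEP_CYCLES = 13, 6
    def dproduct(self, a, b):
        cycles, acc = self.SETUP_CYCLES, 0
        for x, y in zip(a, b):          # one MAC step per element pair
            acc += x * y
            cycles += self.STEP_CYCLES
        return acc, cycles

class HardwareMethodLibrary:
    """Identified JVM method signature -> hardware method (assumed interface)."""
    def __init__(self, rce=None):
        self.rce, self.methods = rce, {}   # rce is None on a platform without one
    def register(self, signature, hw_method):
        self.methods[signature] = hw_method
    def invoke(self, signature, sw_method, sw_cycles, *args):
        """Run the hardware method if this platform has an RCE and one is
        registered for the signature; otherwise run the class file's own bytecode."""
        if self.rce is not None and signature in self.methods:
            result, cycles = self.methods[signature](self.rce, *args)
            return result, cycles, "hardware"
        return sw_method(*args), sw_cycles(len(args[0])), "software"

SIG = "dotproduct.dproduct(int,long[],long[])"   # constructed signature key

def run(a, b, platform_has_rce):
    """Same 'class file' (same call) on both platforms; only the dispatch differs."""
    lib = HardwareMethodLibrary(SimulatedRCE() if platform_has_rce else None)
    lib.register(SIG, SimulatedRCE.dproduct)
    return lib.invoke(SIG, dproduct_software, jem_software_cycles, a, b)

def speedup(n):
    """Software-to-hardware cycle ratio for n-element vectors (tends to 424/6)."""
    return jem_software_cycles(n) / (SimulatedRCE.SETUP_CYCLES + SimulatedRCE.STEP_CYCLES * n)
```

`speedup(n)` shows that the quoted 70X is the large-n limit of the two cycle formulas; for four-element vectors the ratio is closer to 48X.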
Future Plans
Future Activities
[Figure: the JEM, design correctness, secure partitioning (PMU) and adaptive computing (FPGA designs, hardware/software co-design, partitioned software) feed a secure reconfigurable architecture for adaptive high integrity computing.]
• Simulation System
• Security Kernel Extension
• Hardware Methods Automation
• Application to Avionics