Sharing external memory resources between strongly isolated domains in high-end security applications
More Info
expand_more
Abstract
Nowadays, the society strongly depends on computer networks and systems as a means of reliable
communication and data storage. In order to maintain absolute security of the networks and thus
the society, one would need to separate everything, but this is not feasible. Consequently, sharing of
resources is inevitable. There are security products that rely on an FPGA to create domain separation.
The domain separation is required to prevent leakage of confidential information and manipulating of
critical processes.
A modern FPGA has enough resources to have multiple soft-cores initiated on it- each of them
working in a different domain. However, due to the limited amount of IO pins on an FPGA, using
multiple DRAM chips is not an option. Therefore a single DRAM is shared between multiple soft-cores,
threatening the domain separation.
The main threats when using a shared DRAM are communication channels due to latency deviations,
data corruption due to rowhammering and direct access to unauthorized data due to the data being
available on shared addresses. Research has been done to determine what causes the latency deviation
and how to mitigate it. The results of the research are that the only fundamental solution to mitigate the
latency deviation is to have a fixed latency when accessing the DRAM. A fixed time arbiter is designed
and tested. The fixed time arbiter is using a deterministic delay after each DRAM access in order to
mitigate the latency deviation.
Before mitigating the rowhammer vulnerability it is shown that rowhammering causes bitflips not
only in the adjacent rows, but also in non-adjacent rows. To mitigate the rowhammer vulnerability
for adjacent rows, a row refresher is created that tracks the rows that are accessed and refreshes the
adjacent rows when accessed more than the bitflip threshold. To mitigate the vulnerability for non
adjacent rows a test is created to give an overview of all non adjacent rows that contain bitflips so that
those rows can be be dedicated as unused guard rows.
The last part that is implemented is an address mapper to be sure that no soft-core can access the
addresses of another soft-core.
The fixed time arbiter, row refresher and address mapper are combined into the memory domain
protector. The consequence on the bandwidth of the DRAM is that the bandwidth is halved compared
to the benchmark design. The memory domain protector also uses 23× more logic than a standard
arbiter.