Framework for Evaluating Information Flows in Multicore Architectures for High Assurance Systems

Presented as part of the 2012 HCSS conference.

Abstract:

Designers of multicore architectures provide many options for bundling resources in the chip package. Simple architectures put multiple cores on a single chip and share bus interfaces and/or a common cache. System-on-a-Chip (SoC) and System-in-a-Package (SiP) designers choose to integrate additional functionality (e.g., audio and video, encryption engines, analog-to-digital converts, etc.) into the single chip package. As the communication complexity increases between different resources in a chip package, multicore designers continue to look at new methods to increase parallelism and scalability. The Network-on-a-Chip (NoC) method attempts to solve these problems by emulating a modern telecommunications network in a single chip package.

As with any new innovation, security architects and analysis must review the security ramifications of multicore architectures. For example, what new communication channels are present in the multicore architecture and what safeguards are available to protect those communication channels?  It is not readily apparent that existing multicore architectures maintain proper information flow isolation so as to enable implementation of secure systems, but single-core information flow identification and evaluation methods do not scale well to modern multicore architectures. This paper presents an information flow security analysis of multicore architectures.

Analyzing the information flow security attributes of multicore architectures is not as simple as conducting multiple single-core analyses, because most multicore architectures have onboard virtual systems interfacing the application layer with the system-on-a-chip.  An analysis framework, tailored to the complexities of multicore architectures and their onboard virtual machines, is needed.  The framework should expose overt and covert channel vulnerabilities in multicore architectures.

The University of Idaho Center for Secure and Dependable Systems (CSDS) has a long history of research defining and characterizing architectures for high assurance systems. The work presented here leverages the CSDS information flow analysis work from single core architectures into a framework for information flow analysis of multicore architectures.  We have applied the framework to Cell Broadband Engine (CBE), Freescale P4080, and Intel i7 Nehalem.  This presentation defines the multicore architecture security framework, discusses how it was applied to those three real architectures, and describes our results showing the limitations of these three architectures for use in high assurance systems.

Biographies:

Ryan Bradetich received his BSCS in 1997 and his MSCS in 2007 from the University of Idaho. He is a development manager at Schweitzer Engineering Laboratories, Inc. (SEL). Ryan currently manages teams working on communication and security products used in control system networks. Prior to joining SEL, he worked for Hewlett-Packard on the security team responsible for auditing and reporting the security status for approximately 20,000 UNIX and Windows® systems.

Dr. Paul W. Oman is a Professor of Computer Science at the University of Idaho. He is currently working on secure communications and critical infrastructure protection with grants from NSF, NIATT, and DARPA. From 200 to 2002 he served as a Senior Research Engineer at Schewitzer Engineering Laboratories, Inc. specializing in digital equipment for electric power system protection. Before joining SEL, he was Chair of the CS Department and held the distinction of Hewlett-Packard Engineering Chair for a period of seven years.

Dr. Jim Alves-Foss is the Director of the University of Idaho’s Center for Secure and Dependable Systems and is a professor of Computer Science. He received his BS degree in Mathematics and Computer Science and Physics from the University of California at Davis in 1989 and 1991 respectively. His main research interests are in the design and analysis of secure distributed systems, with a focus on formal methods and software engineering.