IACR News item: 08 May 2015
Devu Manikantan Shila, Vivek Venugopalan, Cameron D Patterson
ePrint ReportFIDES essentially comprises of two components: (i) {\\em Trusted Wrappers}, a layer of monitors with sensing capabilities distributed across the FPGA fabric; these wrappers embed the output of each IP core $i$ with a tag $\\tau_i$ according to the pre-defined security policy $\\Pi$ and also verifies the embeddings of each input to the IP core to detect any violation of policies. The use of tagging and tracking enables us to capture the generalized interactions of each IP core with its environment (e.g., other IP cores, memory, OS or I/O ports). {\\em Trusted Wrappers} also monitors the statistical properties exhibited by each IP core functions on execution such as power consumption, number of clock cycles and timing variations to detect any anomalous operations; (ii) a {\\em Trusted Anchor} that monitors the communication between the IP cores and the peripherals with regard to the centralized security policies $\\Psi$ and the statistical properties produced by the peripherals. We target FIDES architecture on a Xilinx Zynq 7020 device for a red-black system comprising of sensitive and non-sensitive IP cores. Our FIDES implementation leads to only 1-2\\% overhead in terms of the logic resources per wrapper but 4-5X increase in latency (worst case scenario), measured in terms of clock cycles, as compared to the baseline implementation.
Additional news items may be found on the IACR news page.