A secure hardware to enable trustworthy computing

From F-Si wiki
  • Speaker: Sebastian Haas
  • email: sebastian.haas@barkhauseninstitut.org

Downloads

File:FSiC2025 BI SecureHardware.pdf

Abstract

Modern computational devices are, without a doubt, among the most complex systems in the world. They provide computing power that would have been unthinkable decades ago. Unfortunately, this immense power comes at a price. Computational systems have been growing in complexity, which makes it virtually impossible to keep them bug-free. In the way computational devices are traditionally constructed, any bug, even one in the tiniest and most insignificant module, has the potential to serve as an entry point for a malicious attacker to compromise the whole system. Countless examples of bugs in commercial processing hardware underline this fact. Whether these “bugs” are inserted unintentionally or on purpose as hardware trojans is irrelevant.

We present a trustworthy platform consisting of a system-on-chip (SoC) and an operating system (OS), called M³, that aims to reduce the risk of an application falling victim to the exploitation of a bug. As history shows, bugs are inevitable, and their probability increases with system size and complexity in both software and hardware. Our platform reduces the risk of running into an exploitable bug by minimizing the amount of hardware and software an application must trust. In our hardware/operating-system co-design, both hardware and software implement a strong isolation of processes that is controlled by the OS and enforced directly in the hardware. On the OS layer, this is well known as the microkernel approach, which centralizes only a minimal set of functionalities in the kernel. The kernel is “only” responsible for scheduling, resource management, and inter-process communication. Usually, the isolation of processes must assume the correctness of almost the complete hardware. In our SoC, communication between processors, and also between processors and memory, goes through a network-on-chip (NoC). From the processors’ point of view, access to the NoC is guarded by a hardware component called the Trusted Communication Unit (TCU), which checks each access by the processor. All TCUs in the system are controlled by the kernel. Hence, the kernel only has to trust the TCUs. Because the TCU’s complexity is only a fraction of that of a small RISC-V processor, the probability of falling victim to a hardware bug is reduced dramatically.
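The guarding role of the TCU described above, as an added toy model that is not code from the M³ project: the kernel alone writes the endpoint table, every memory access from a core names an endpoint and an offset, and the TCU refuses anything outside the configured window or permission. The endpoint layout, permission bits and result codes are assumptions chosen for illustration, not the real TCU interface.

```rust
// Constructed model of a TCU memory-access check (assumed interface, not M3's).
#[derive(Clone, Copy, PartialEq, Debug)]
pub enum Perm { R, W, RW }

/// A memory endpoint: a window into NoC address space that the kernel grants to a core.
#[derive(Clone, Copy, Debug)]
pub struct MemEp { pub base: u64, pub size: u64, pub perm: Perm }

#[derive(PartialEq, Debug)]
pub enum Access { Ok(u64), NoEp, OutOfBounds, NoPerm }

/// One TCU sits in front of one core; it holds a small fixed endpoint table.
pub struct Tcu { eps: [Option<MemEp>; 4] }

impl Tcu {
    pub fn new() -> Self { Tcu { eps: [None; 4] } }

    /// Privileged path: only the kernel (re)configures endpoints. The core itself
    /// never gets to touch this table, which is what keeps the TCU in the TCB
    /// and the core out of it.
    pub fn kernel_config(&mut self, ep: usize, cfg: Option<MemEp>) {
        if ep < self.eps.len() { self.eps[ep] = cfg; }
    }

    /// Core-side path: the core can only say "endpoint ep, offset off, len bytes".
    /// The TCU translates this to a NoC address and allows it only if the whole
    /// range is inside the window and the permission matches.
    pub fn check(&self, ep: usize, off: u64, len: u64, write: bool) -> Access {
        let e = match self.eps.get(ep) {
            Some(Some(e)) => *e,
            _ => return Access::NoEp,
        };
        // Overflow-safe bounds check: off + len must not wrap around.
        match off.checked_add(len) {
            Some(end) if end <= e.size => {}
            _ => return Access::OutOfBounds,
        }
        let allowed = match e.perm { Perm::RW => true, Perm::R => !write, Perm::W => write };
        if !allowed { return Access::NoPerm; }
        Access::Ok(e.base + off)
    }
}

fn main() {
    let mut tcu = Tcu::new();
    // Kernel grants the core read-only access to a 256-byte window at 0x1000.
    tcu.kernel_config(0, Some(MemEp { base: 0x1000, size: 0x100, perm: Perm::R }));
    println!("{:?}", tcu.check(0, 0x10, 8, false)); // Ok(0x1010)
    println!("{:?}", tcu.check(0, 0x10, 8, true));  // NoPerm
    println!("{:?}", tcu.check(0, 0xF8, 16, false)); // OutOfBounds
}
```

The point of the model is that a buggy or malicious core can issue any request it likes, but nothing reaches the NoC that the kernel did not explicitly grant through the endpoint table.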

Hardware (selected SoC components incl. TCUs) and the microkernel-based operating system M³ are available as open source:

https://github.com/Barkhausen-Institut/M3-hardware

https://github.com/Barkhausen-Institut/M3

Software

General information

References

Nils Asmussen, Till Miemietz, Sebastian Haas, Michael Roitzsch: Distrusting Cores by Separating Computation from Isolation. Journal of Systems Architecture (JSA), 2025

Sebastian Haas, Christopher Dunkel, Friedrich Pauls, Mattis Hasler, Yogesh Verma: Trustworthy Silicon: An MPSoC for a Secure Operating System. 2024 IEEE Nordic Circuits and Systems Conference (NorCAS), 2024

Nils Asmussen, Sebastian Haas, Carsten Weinhold, Till Miemietz, and Michael Roitzsch: Efficient and Scalable Core Multiplexing with M³v. International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS'22), 2022