Software exploitable Hardware Trojan Horses (HWTs) have been currently inserted in commercial CPUs and, very recently, in memories. Such attacks may allow malicious users to run their own software or to gain unauthorized privileges over the system. Therefore, HWTs are nowadays considered a serious threat both from academy and industry. This paper presents a protection architecture meant to shield the communication between the CPU and the memory in a microprocessor-based system. The architecture aims at detecting the activation on HWTs infesting the instruction and data memories of the system. Our proposal relies on the use of Bloom Filters (BFs) that are included in ad-hoc designed checkers and integrated in the protection architecture. BFs guarantee zero false alarms and a small (and configurable) percentage of undetected alarms. We applied the protection architecture to a case study system based on a RISC-V microprocessor implemented on an FPGA and running a set of software benchmarks. Our proposal demonstrated to be able to detect more than 99% of possible HWTs activations with zero false alarms. We measured a lookup table overhead ranging from 0.68% up to 10.52% and a flip-flop overhead between 0.68% and 0.99%, and with no working frequency reduction.
A Microprocessor Protection Architecture against Hardware Trojans in Memories
Cassano L.;Ottavi M.
2020-01-01
Abstract
Software exploitable Hardware Trojan Horses (HWTs) have been currently inserted in commercial CPUs and, very recently, in memories. Such attacks may allow malicious users to run their own software or to gain unauthorized privileges over the system. Therefore, HWTs are nowadays considered a serious threat both from academy and industry. This paper presents a protection architecture meant to shield the communication between the CPU and the memory in a microprocessor-based system. The architecture aims at detecting the activation on HWTs infesting the instruction and data memories of the system. Our proposal relies on the use of Bloom Filters (BFs) that are included in ad-hoc designed checkers and integrated in the protection architecture. BFs guarantee zero false alarms and a small (and configurable) percentage of undetected alarms. We applied the protection architecture to a case study system based on a RISC-V microprocessor implemented on an FPGA and running a set of software benchmarks. Our proposal demonstrated to be able to detect more than 99% of possible HWTs activations with zero false alarms. We measured a lookup table overhead ranging from 0.68% up to 10.52% and a flip-flop overhead between 0.68% and 0.99%, and with no working frequency reduction.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
