一种基于PowerPC的安全SoC设计

J4 ›› 2014, Vol. 36 ›› Issue (12): 2394-2399.

一种基于PowerPC的安全SoC设计

赵福发，郭炜，魏继增

（天津大学计算机科学与技术学院，天津 300072）

收稿日期:2014-05-20 修回日期:2014-07-15 出版日期:2014-12-25 发布日期:2014-12-25
基金资助:
中国科学院计算机体系结构国家重点实验室开放课题资助项目

A PowerPC based secure SoC design

ZHAO Fufa,GUO Wei,WEI Jizeng

(School of Computer Science and Technology,Tianjin University,Tianjin 300072,China)

Received:2014-05-20 Revised:2014-07-15 Online:2014-12-25 Published:2014-12-25

摘要/Abstract

摘要：

提出一种基于PowerPC的安全SoC架构，通过硬件隔离的方法防御软件攻击。将软硬件资源隔离成安全和非安全两种，由硬件控制资源访问请求，可以为上层软件提供更好的安全保障。基于这种思想，对基于PowerPC的SoC架构进行了安全扩展，为上层软件提供安全和非安全两种运行环境。任何数据访问请求都会根据运行环境以及所访问的资源的安全状态判定访问是否被允许。另外，针对这种安全架构，采用基于Qemu和SystemC的高层建模方法进行建模，验证了该架构能够有效保护数据安全。

关键词: 安全SoC, PowerPC, 软件攻击, 硬件隔离架构, 安全执行环境

Abstract:

A PowerPC based secure SoC architecture is proposed to defend software attacks by hardware isolation.If the hardware and software resources can be isolated to secure and nonsecure resources and all the access requests are controlled by specific hardware design, the software level will get a better safeguard.Based on this idea,a secure extension to the PowerPC based SoC architecture is proposed,which builds the secure and nonsecure runtime environment for software applications.According to the current runtime environment and security status,the permit of any access request is judged.In addition,the highlevel model based on QEMU and SystemC for the proposed secure SoC is completed to verify that it can indeed protect the security of data.

Key words: secure SoC;PowerPC;software attack;hardware isolation architecture;secured execution environment

赵福发，郭炜，魏继增. 一种基于PowerPC的安全SoC设计[J]. J4, 2014, 36(12): 2394-2399.

ZHAO Fufa,GUO Wei,WEI Jizeng. A PowerPC based secure SoC design [J]. J4, 2014, 36(12): 2394-2399.

参考文献［11］

［1］	Jin S,Huh J.Secure MMU:Architectural support for memory isolation among virtual machines［C］∥Proc of 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops (DSNW),2011:217222.
［2］	Kalagiakos P,Bora M. Cloud security tactics:Virtualization and the VMM［C］∥Proc of the 6th International Conference on Application of Information and Communication Technologies (AICT),2012:16.
［3］	Sarmenta L F G,Van Dijk M, O'Donnell C W, et al. Virtual monotonic counters and countlimited objects using a TPM without a trusted OS［C］∥Proc of the 1st ACM Workshop on Scalable Trusted Computing, 2006:2742.
［4］	Levin D,Douceur J R, Lorch J R,et al.TrInc:Small trusted hardware for large distributed systems［C］∥Proc of NSDI’09, 2009:114.
［5］	Fletcher C W,Dijk M,Devadas S.A secure processor architecture for encrypted computation on untrusted programs［C］∥Proc of the 7th ACM Workshop on Scalable Trusted Computing,2012:38.
［6］	Fletcher C W,Ren L,Yu X,et al.Suppressing the oblivious RAM timing channel while making information leakage and program efficiency tradeoffs［C］∥Proc of HPCA’14, 2014:213224.
［7］	Ren L,Yu X,Fletcher C W,et al.Design space exploration and optimization of path oblivious RAM in secure processors［C］∥Proc of the 40th Annual International Symposium on Computer Architecture, 2013:571582.
［8］	ARM security technologybuilding a secure system using TrustZone technology comments.ARM technical white paper［EB/OL］.［20090410］.http://infocenter.arm.com/help/topic/com.arm.doc.prd29genc009492c/PRD29GENC009492C_trustzone_security_whitepaper.pdf.
［9］	Petrot F,Fournel N,Gerin P,et al.On MPSoC software execution at the transaction level［J］. IEEE Design and Test of Computers, 2011, 28(3):3243.
［10］	Bellard F.QEMU,a fast and portable dynamic translator［C］∥Proc of USENIX Annual Technical Conference, 2005:4146.
［11］	TIMA Lab.RABBITS:An environment for fast and accurate MPSoC simulation［EB/OL］.［20140312］.http://tima.imag.fr/sls/researchprojects/rabbits/.

[1]	张玉凤，楼芳，张历. 面向软件攻击面的Web应用安全评估模型研究[J]. J4, 20160101, 38(01): 73-77.
[2]	张玉凤，楼芳，张历. 面向软件攻击面的Web应用安全评估模型研究[J]. J4, 2016, 38(01): 73-77.
[3]	梅挺[1] 俞力[2] 罗万伯[2]. 基于Motorola PowerPC和嵌入式Linux的VPN网关设计[J]. J4, 2005, 27(8): 16-19.
[4]	陆成新. UnixWare虚存管理在PowerPC机器上的实现[J]. J4, 1998, 20(1): 54-58.