TY - GEN
T1 - Automatic ILP-based firewall insertion for secure application-specific networks-on-chip
AU - Hu, Yong
AU - Müller-Gritschneder, Daniel
AU - Sepulveda, Martha Johanna
AU - Gogniat, Guy
AU - Schlichtmann, Ulf
N1 - Publisher Copyright:
© 2015 IEEE.
PY - 2015/2/27
Y1 - 2015/2/27
N2 - Next to performance, it becomes increasingly important that Networks-on-Chip (NoCs) also provide security features such as access control, authentication and availability. They are usually implemented by firewalls at the network interfaces (NIs) of the processing elements (PEs). This paper provides a more efficient way to integrate these security requirements into application-specific NoCs by inserting firewalls also between NoC routers. This approach helps to reduce the communication overhead required for the security information in the packet headers, which can consume 3% to 9% of the total communication bandwidth. It is challenging to manually find the optimal firewall configuration because an application-specific NoC has an irregular topology, which is customized for certain known application, e.g. a smartphone chip. Thus, we show how to automatically solve this problem by formulating it as an Integer Linear Programming (ILP) problem. The solution results in firewall positions such that the communication overhead is minimized and all given security requirements are satisfied. Experiments are performed on two industrial system specifications. Compared to the solution with the firewalls at the NIs, communication overhead is reduced by up to 63%. The optimization only takes a few seconds for a standard ILP solver.
AB - Next to performance, it becomes increasingly important that Networks-on-Chip (NoCs) also provide security features such as access control, authentication and availability. They are usually implemented by firewalls at the network interfaces (NIs) of the processing elements (PEs). This paper provides a more efficient way to integrate these security requirements into application-specific NoCs by inserting firewalls also between NoC routers. This approach helps to reduce the communication overhead required for the security information in the packet headers, which can consume 3% to 9% of the total communication bandwidth. It is challenging to manually find the optimal firewall configuration because an application-specific NoC has an irregular topology, which is customized for certain known application, e.g. a smartphone chip. Thus, we show how to automatically solve this problem by formulating it as an Integer Linear Programming (ILP) problem. The solution results in firewall positions such that the communication overhead is minimized and all given security requirements are satisfied. Experiments are performed on two industrial system specifications. Compared to the solution with the firewalls at the NIs, communication overhead is reduced by up to 63%. The optimization only takes a few seconds for a standard ILP solver.
KW - Application-specific NoC
KW - Firewall
KW - Security
UR - http://www.scopus.com/inward/record.url?scp=84934292069&partnerID=8YFLogxK
U2 - 10.1109/INA-OCMC.2015.9
DO - 10.1109/INA-OCMC.2015.9
M3 - Conference contribution
AN - SCOPUS:84934292069
T3 - Proceedings - 2015 9th International Workshop on Interconnection Network Architectures: On-Chip, Multi-Chip, INA-OCMC 2015
SP - 9
EP - 12
BT - Proceedings - 2015 9th International Workshop on Interconnection Network Architectures
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2015 9th International Workshop on Interconnection Network Architectures: On-Chip, Multi-Chip, INA-OCMC 2015
Y2 - 19 January 2015
ER -