|
A distributed environment, such as with IoT, drastically increases the overall cyber-attack surface. This heightens the need to maintain the highest level of trust for each system device. The goal is to provide and maintain a trusted embedded computing system while minimizing performance impact. Alion has developed a platform that allows for the development of cyber-resilience technologies. The platform core is a heterogeneous system-on-chip that includes multiple processors, programmable logic, and memory. Such a system-on-chip allows for hardware-based resilience technologies that extend or enhance traditional software techniques. Trusting the platform begins with trusting the boot environment. Secure boot using the physically unclonable function supports confidentiality, integrity, and authentication of boot partitions. After trusted boot, separation and introspection maintain that trust. Hardware sandboxes ensure that applications operate in separate hardware containers. This not only eliminates information leakage between applications but also provides a means to isolate rogue IP introduced through an untrusted third party. A combination of hardware sandboxes and reference monitors provides hardware-based memory management. Hardware-accelerated cryptography and dynamic key management limit the ability of snooping or co-opting external communications or external memory. Dynamic introspection of system components detects anomalous behavior on-the-fly, including comparing program memory against a golden image and physically monitoring buses. Should the system detect anomalous behavior, secure recovery and reprovisioning forces the system back to a trusted state. These technologies can be applied to other systems and IC designs, used in whole or in part to balance the level of trust necessary and other system constraints.
|
