Embed Size (px)
Citation preview
Hardware Trust Implications of 3-D Integration
Ted Huffmire (NPS), Timothy Levin (NPS), Michael Bilzor (NPS), Cynthia E. Irvine (NPS), Jonathan Valamehr (UCSB), Mohit Tiwari (UCSB), Timothy Sherwood (UCSB), and Ryan
Kastner (UCSD)
26 October 2010
Workshop on Embedded Systems Security (WESS)
Nile River
• Mystery on the Nile: Just Whose River Is It?• Ethiopia Claims High Gound in Right-to-Nile Debate• Thirsty Egypt Clings Tight to the Nile• Weekend Edition Sunday (npr.org)
[Koyanagi05]
•
[Koyanagi05]
• Timeline
Alternative 3-D Approaches
• PoP [Lim10]
Wire Bonding (SiP) [Amkor09]
Alternative 3-D Approaches
• PoP [Lim10]
Alternative 3-D Approaches
• [Amkor10]
Alternative 3-D Approaches
• Face-to-Face [Loh07]
Alternative 3-D Approaches
• Face-to-Back [Loh07]
What is 3Dsec?
• Economics of High Assurance– High NRE Cost, Low Volume– Gap between DoD and Commercial
• Disentangle security from the COTS– Use a separate chip for security– Use 3-D Integration to combine:
• 3-D Control Plane• Computation Plane
– Need to add posts to the COTS chip design• Dual use of computation plane
Pro’s and Con’s
• Why not use a co-processor? On-chip?• Pro’s
– High bandwidth and low latency– Controlled lineage– Direct access to internal structures
• Con’s– Thermal and cooling– Design and testing– Manufacturing yield
Thermal Challenges
• Thermal Simulation [Loh06, Melamed09]
Yield Challenges
• Wafer-to-Wafer Bonding [Euronymous07]
Testing Challenges
• [Thärigen10]
Cost
• Cost of fabricating systems with 3-D– Fabricating and testing the security layer– Bonding it to the host layer– Fabricating the vias– Testing the joined unit
This Paper
• Can a 3-D control plane provide useful secure services when it is conjoined with an untrustworthy computation plane?
• Yes, provided:– Self-protection– Dependency Layering
Face-to-Back Bonding
• [Valamehr10]
Primitives
• [Valamehr10]
Threat Model
• Computation plane– Unintentional hardware flaws– Malicious software
• Not in scope– Malicious inclusions
• Nullify self-protection
– Probing of the control plane– Compromising RF emissions
Security Model
• Self-protection– Do not place a post that allows the control
plane to accept extraneous power, requests, or modifications.
• Layered dependencies– Control plane should not depend on the
computation plane
Layered Dependencies
• Never depend on a layer of lesser trustworthiness
Dependency Properties
• Service– Communication (e.g., I/O)– Synchronization
• Call• Resource Creation and Provision
– Storage
• Contention
3-D Application Classes
• Enhancement of native functions• Secure alternate service• Isolation and protection• Passive monitoring
– Information flow tracking– Runtime correctness checks– Runtime security auditing
Design Example
• Secure Alternate Service
Examples of 3-D Systems
• Network-on-Chip [Kim07]
Examples of 3-D Systems
• Network-on-Chip [Kim07]
Examples of 3-D Systems
• Particle Physics [Demarteau09]
Examples of 3-D Systems
• Chip Scale Camera Module [Yoshikawa09]
Examples of 3-D Systems
• 3D-PIC 3-D CMOS Imager [Chang10]
Examples of 3-D Systems
• 3-D Stacked Retinal Chip [Kaiho09]
Examples of 3-D Systems
• 3-D Stacked Retinal Chip [Koyanagi05]
Examples of 3-D Systems
• 3-D FPGAs [Razavi09]
Examples of 3-D Systems
• 3D-MAPS: Many-core 3-D Processor with Stacked Memory [Lim10] – Solid work!
Examples of 3-D Systems
• [Eloy10]
Future Work
• Malicious Inclusions• Off-Chip I/O
– Wireless– Wired
• Power• Fault-Tolerant Chips for Critical Systems
Wireless: Capacitive Coupling
• [Kim09]
Wireless: Optical
• Bidirectional Communication [Dietz03]
Questions?
• faculty.nps.edu/tdhuffmi
