Hardware Trust Implications of 3-D Integration Ted Huffmire (NPS), Timothy Levin (NPS), Michael Bilzor (NPS), Cynthia E. Irvine (NPS), Jonathan Valamehr

  • View
    214

  • Download
    2

Embed Size (px)

Transcript

  • Slide 1
  • Hardware Trust Implications of 3-D Integration Ted Huffmire (NPS), Timothy Levin (NPS), Michael Bilzor (NPS), Cynthia E. Irvine (NPS), Jonathan Valamehr (UCSB), Mohit Tiwari (UCSB), Timothy Sherwood (UCSB), and Ryan Kastner (UCSD) 26 October 2010 Workshop on Embedded Systems Security (WESS)
  • Slide 2
  • Nile River Mystery on the Nile: Just Whose River Is It? Ethiopia Claims High Gound in Right-to-Nile Debate Thirsty Egypt Clings Tight to the Nile Weekend Edition Sunday (npr.org)
  • Slide 3
  • [Koyanagi05]
  • Slide 4
  • [Koyanagi05] Timeline
  • Slide 5
  • Alternative 3-D Approaches PoP [Lim10] Wire Bonding (SiP) [Amkor09]
  • Slide 6
  • Alternative 3-D Approaches PoP [Lim10]
  • Slide 7
  • Alternative 3-D Approaches [Amkor10]
  • Slide 8
  • Alternative 3-D Approaches Face-to-Face [Loh07]
  • Slide 9
  • Alternative 3-D Approaches Face-to-Back [Loh07]
  • Slide 10
  • What is 3Dsec? Economics of High Assurance High NRE Cost, Low Volume Gap between DoD and Commercial Disentangle security from the COTS Use a separate chip for security Use 3-D Integration to combine: 3-D Control Plane Computation Plane Need to add posts to the COTS chip design Dual use of computation plane
  • Slide 11
  • Pros and Cons Why not use a co-processor? On-chip? Pros High bandwidth and low latency Controlled lineage Direct access to internal structures Cons Thermal and cooling Design and testing Manufacturing yield
  • Slide 12
  • Thermal Challenges Thermal Simulation [Loh06, Melamed09]
  • Slide 13
  • Yield Challenges Wafer-to-Wafer Bonding [Euronymous07]
  • Slide 14
  • Testing Challenges [Thrigen10]
  • Slide 15
  • Cost Cost of fabricating systems with 3-D Fabricating and testing the security layer Bonding it to the host layer Fabricating the vias Testing the joined unit
  • Slide 16
  • This Paper Can a 3-D control plane provide useful secure services when it is conjoined with an untrustworthy computation plane? Yes, provided: Self-protection Dependency Layering
  • Slide 17
  • Face-to-Back Bonding [Valamehr10]
  • Slide 18
  • Primitives [Valamehr10]
  • Slide 19
  • Threat Model Computation plane Unintentional hardware flaws Malicious software Not in scope Malicious inclusions Nullify self-protection Probing of the control plane Compromising RF emissions
  • Slide 20
  • Security Model Self-protection Do not place a post that allows the control plane to accept extraneous power, requests, or modifications. Layered dependencies Control plane should not depend on the computation plane
  • Slide 21
  • Layered Dependencies Never depend on a layer of lesser trustworthiness
  • Slide 22
  • Dependency Properties Service Communication (e.g., I/O) Synchronization Call Resource Creation and Provision Storage Contention
  • Slide 23
  • 3-D Application Classes Enhancement of native functions Secure alternate service Isolation and protection Passive monitoring Information flow tracking Runtime correctness checks Runtime security auditing
  • Slide 24
  • Design Example Secure Alternate Service
  • Slide 25
  • Examples of 3-D Systems Network-on-Chip [Kim07]
  • Slide 26
  • Examples of 3-D Systems Network-on-Chip [Kim07]
  • Slide 27
  • Examples of 3-D Systems Particle Physics [Demarteau09]
  • Slide 28
  • Examples of 3-D Systems Chip Scale Camera Module [Yoshikawa09]
  • Slide 29
  • Examples of 3-D Systems 3D-PIC 3-D CMOS Imager [Chang10]
  • Slide 30
  • Examples of 3-D Systems 3-D Stacked Retinal Chip [Kaiho09]
  • Slide 31
  • Examples of 3-D Systems 3-D Stacked Retinal Chip [Koyanagi05]
  • Slide 32
  • Examples of 3-D Systems 3-D FPGAs [Razavi09]
  • Slide 33
  • Examples of 3-D Systems 3D-MAPS: Many-core 3-D Processor with Stacked Memory [Lim10] Solid work!
  • Slide 34
  • Examples of 3-D Systems [Eloy10]
  • Slide 35
  • Future Work Malicious Inclusions Off-Chip I/O Wireless Wired Power Fault-Tolerant Chips for Critical Systems
  • Slide 36
  • Wireless: Capacitive Coupling [Kim09]
  • Slide 37
  • Wireless: Optical Bidirectional Communication [Dietz03]
  • Slide 38
  • Questions? faculty.nps.edu/tdhuffmi