Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

FPGAs: High Assurance through Model Based Design

advertisement 
FPGAs:
High Assurance
through Model Based
Design
AADL Workshop
24 January 2007
9:30 – 10:00
Yves LaCerte
Rockwell Collins
Advanced Technology Center
400 Collins Road N.E.
Cedar Rapids, IA 52498
ylacerte@rockwellcollins.cm
© Copyright 2006 Rockwell Collins, Inc.
All right reserved.
FPGA
• FPGAs comprise an array of
configurable logic blocks
and interconnect resources
Interconnects
Logic Block
I/O Block
– 200,000+ logic blocks
– 1,000 I/O pins
• Look-up table (LUT)
– small one bit wide memory
array
Configurable Logic Block (CLB)
Output
Input
24 January 2007
4Input
LUT
Clock
D
Flip
Flop
© Copyright 2006 Rockwell Collins, Inc. All right reserved.
2
Typical Application
• Advanced Encryption Standard (AES)
– more physically secure in hardware
• cannot easily be read or modified by an outside attacker
– easily achieve Gigabit encryption rates and at least one order of
magnitude faster than the best reported software
• parallelization (pipelining and sub-pipelining) of the loop structure
• wide operand processing (e.g., 128 bits in one clock cycle)
– An FPGA Implementation and Performance Evaluation of the
AES Block Cipher Candidate Algorithm Finalists
» AJ Elbirt, W Yip, B Chetwynd, C Paar
» http://csrc.nist.gov/CryptoToolkit/aes/round2/conf3/pape
rs/08-aelbirt.pdf
24 January 2007
© Copyright 2006 Rockwell Collins, Inc. All right reserved.
3
Performance Characteristics
Performance Characteristics
Values
Target FPGA device
Maximum master clock frequency
__ MHz
Throughput
__ Gbit/s
Area [CLB slices]
__ CLB slices
Area [percentage of the target device resources] __ % of CLB slices
Area [Block RAMs]
__ Block RAMs
Area [percentage of the target device resources] __ % of Block RAMs
Power consumption
24 January 2007
© Copyright 2006 Rockwell Collins, Inc. All right reserved.
4
Typical Development Process
Specifications
System Model /
C Code
Static / Dynamic
Analysis
RTL Description
(VHDL or Verilog)
RTL
Simulation / Timing
Gate Level
Simulation
Synthesis
FPGA Place
and Route
24 January 2007
Post Layout
Simulation / Timing
© Copyright 2006 Rockwell Collins, Inc. All right reserved.
5
The Challenge
• Transform system specification into a system
model suitable for FPGAs
– E.g. Impulse C
• Commercial version of Streams-C (Los Alamos National Lab)
• Add significant complexity
– E.g. High Assurance MILS I/O application
• Provably correct ≈ 5,000 lines of code
• Provably partitioned from the rest of the FPGA
• Total application over 50,000 lines of code
24 January 2007
© Copyright 2006 Rockwell Collins, Inc. All right reserved.
6
Implications
• Build a system model in Impulse C
– Highly parallelized implementation of system specs
– When is there enough parallelization?
• Architecture elements
– Processes, streams, signals, memory
– Clocking strategies
• High Assurance
– Prove correctness of security properties
– Prove MILS spatial partitioning
24 January 2007
© Copyright 2006 Rockwell Collins, Inc. All right reserved.
7
Ease The Burden
• Provably correct model transformations
• Helps High Assurance certification
• Model and analyze early
– Analysis performed at design time, before detailed
simulation of completed code
• Use architecture description language
24 January 2007
© Copyright 2006 Rockwell Collins, Inc. All right reserved.
8
Automated Transformations
• Model transformation
– Transform a model into another model
• From system specification to Impulse C …
• From processes and streams into standardized, error free
code
• Modeling blurs the distinction between HW and SW
engineers
Shift toward application domain expertise
24 January 2007
© Copyright 2006 Rockwell Collins, Inc. All right reserved.
9
Reduce Intellectual Gap
Specifications
?
System Model /
C Code
Static / Dynamic
Analysis
RTL Description
(VHDL or Verilog)
RTL
Simulation / Timing
Gate Level
Simulation
Synthesis
FPGA Place
and Route
24 January 2007
Post Layout
Simulation / Timing
© Copyright 2006 Rockwell Collins, Inc. All right reserved.
10
Enhanced Process
Specifications
Architecture
Model
Architecture
Analysis
System Model /
C Code
Static / Dynamic
Analysis
RTL Description
(VHDL or Verilog)
RTL
Simulation / Timing
Gate Level
Simulation
Synthesis
FPGA Place
and Route
24 January 2007
Post Layout
Simulation / Timing
© Copyright 2006 Rockwell Collins, Inc. All right reserved.
11
Transformations
Architecture
Analysis
Architecture
Model
Platform
Independent
Model
Clock
Strategy
Process
B
Transform
Rules
System Model /
C Code
Any language
Process
E
Process
A
Port
Depth
High Bandwidth
Synchronous
Platform
Specific
Platform
Model
Specific
Platform
Model
Specific
Model
Memory
Process
C
Process
G
Low Bandwidth
Asynchronous
Process
F
Process
D
Deployment
Execution
24 January 2007
© Copyright 2006 Rockwell Collins, Inc. All right reserved.
12
Transform to System Model
Architecture
Model
From code-oriented
to model-oriented
production
techniques
Platform
Independent
Model
Transform
Rules
Platform
Specific
Platform
Model
Specific
Platform
Model
Specific
Model
Any language
Clear separation of
the fundamental
logic of the
specification from
the particular
implementation
System Model /
C Code
24 January 2007
© Copyright 2006 Rockwell Collins, Inc. All right reserved.
13
Architecture Model
Building blocks for FPGA
hardware and computational
models using Streams C
language
Memory utilization
Deployment and execution
constraints
24 January 2007
Process
B
Memory
Process
E
Port
Depth
High Bandwidth
Synchronous
Processes, Ports, and
Connections
Process
A
Clock
Strategy
Process
C
Process
G
Low Bandwidth
Asynchronous
Process
F
Process
D
Deployment
Execution
© Copyright 2006 Rockwell Collins, Inc. All right reserved.
14
Architecture Analysis
System
Architecture Analysis and Design Language (AADL)
Architecture description language
SAE standard AS5506
device
memory
bus
Models structure and high-level constraints of embedded
computer systems
processor
Abstract specifications with general system design
concepts
Components, interconnections, hierarchy, data
flow, etc.
Concrete Specifications
Properties (custom name/value pairs)
Annexes (non-standard language embedded in
AADL specifications)
24 January 2007
Data
Process
in
out
in out
Thread
© Copyright 2006 Rockwell Collins, Inc. All right reserved.
15
AADL / FPGA Concepts
Impulse C
concept
AADL concept
Adaptation
Process
Process
(or thread)
Fixed execution rate.
Possibly depends on a global clock.
If using thread, one per process.
Streams
Data Port
Ports have depth and width.
Signal
Event Port
Occasional communication.
Typically for synchronization.
Memory
Memory
Many FPGA implementations possible.
Data
Data
Defines the payload of a stream.
Connections
Connectors
AADL Bus and information flow
24 January 2007
© Copyright 2006 Rockwell Collins, Inc. All right reserved.
16
Example – MILS I/O
• Multiple independent levels of security (MILS)
– Provides multi level enforcement by strict separation (the
I in MILS)
– A given separation (or partition) may hold a single level of
classification, or multiple single level (MSL)
• AADL experience with modeling MILS OS
• MILS applied to FPGA
– Separation of logic and pins
24 January 2007
© Copyright 2006 Rockwell Collins, Inc. All right reserved.
17
Example – MILS I/O
Trusted App on trusted OS
makes high assurance I/O decision
Trusted FPGA
makes high assurance I/O decision
High Assurance
Component
App
App
High Assurance
Component
App
MILS RTOS
FPGA
FPGA
FPGA
FPGA
NIC
NIC
NIC
Sensor Feed
Sensor Feed
24 January 2007
© Copyright 2006 Rockwell Collins, Inc. All right reserved.
18
Example – MILS I/O
Specifications
*
Architecture
Model
Architecture
Analysis
System Model /
C Code
*
Static / Dynamic
Analysis
RTL Description
(VHDL or Verilog)
RTL
Simulation / Timing
Synthesis
*
*
FPGA Place
and Route
Gate Level
Simulation
Post Layout
Verification tool
Simulation / Timing
MILS FPGA implementation and verification
AADL model and analysis artifacts
24 January 2007
© Copyright 2006 Rockwell Collins, Inc. All right reserved.
19
Conclusions
• FPGAs are important computational devices
– Traditionally the domain of hardware engineers
– Moving toward complex systems
• FPGAs have many “shared resource” issues of
traditional computational devices
– Performance parameters are somewhat different
24 January 2007
© Copyright 2006 Rockwell Collins, Inc. All right reserved.
20
Conclusions
• FPGA algorithm implementations
– High quality through model transformations
– Rapid through analyses of models
• Models and analyses are necessarily coarse grained
• Notions extensible to any FPGA and any code base
• FPGAs can be High Assurance
– MILS partitions proven through Verification Tool (logic
and pins)
24 January 2007
© Copyright 2006 Rockwell Collins, Inc. All right reserved.
21
Related documents
Power Point 1 - SequoyaAPT.org
Power Point 1 - SequoyaAPT.org
Software Registration Transfer Form
Software Registration Transfer Form
Boise State University Digital Systems Laboratory Electrical and Computer Engineering Department ECE230L
Boise State University Digital Systems Laboratory Electrical and Computer Engineering Department ECE230L
Abstract
Abstract
vlsi exponentially
vlsi exponentially
Download
advertisement