General information

During this postdoc at Columbia University, from September 2011 to October 2012, I proposed a new implementation of the DIFT (Dynamic Information Flow Tracking) concept that is better suited for heterogeneous designs, i.e. multi-processor systems with hardware accelerators.

DIFT is a security concept that finds widespread use in security, privacy and program analysis, by tagging each piece of data in a system and verifying in real-time that the data is not misused.

This work involved developing new SystemC simulations models (e.g. write-back processor caches, hardware security wrappers, hardware accelerators), using the SoCLib simulation framework. I also wrote kernel libraries (e.g. a security module in the MutekH exo-kernel) and ported multi-thread multimedia benchmark applications.

The results of this work were published in an international conference (International Conference on Hardware/Software Codesign and System Synthesis, 2013).

Paper abstract

In this paper, we describe for the first time, how Dynamic Information Flow Tracking (DIFT) can be implemented for heterogeneous designs that contain one or more on-chip accelerators attached to a network-on-chip. We observe that implementing DIFT for such systems requires holistic platform level view, i.e., designing individual components in the heterogeneous system to be capable of supporting DIFT is necessary but not sufficient to correctly implement full-system DIFT. Based on this observation we present a new system architecture for implementing DIFT, and also describe wrappers that provide DIFT functionality for third-party IP components. Results show that our implementation minimally impacts performance of programs that do not utilize DIFT, and the price of security is constant for modest amounts of tagging and then sub-linearly increases with the amount of tagging.