AMBA AXI is one of the most popular standards for implementing on-chip communication on modern System-on-Chips. AXI enables the definition of complex multi-manager (i.e., processors, hardware accelerators, DMAs, etc.), multi-subordinate (i.e., memories, peripherals, I/O, etc.) heterogenous systems. One of the key strengths of the protocol resides in its flexibility. Nevertheless, such protocol flexibility, if properly exploited, can enable a malicious manager to generate extremely threatening conditions for the whole system, ranging from bandwidth stealing to complete denial-of-service of shared resources. These conditions are generated leveraging legitimate behaviors for the AXI standard;thus, they could be difficult to discover during verification, especially when third-party IP managers are integrated into mission-critical systems.
In this talk, I’ll demonstrate how such attacks can be conducted. To demonstrate the criticality of such attacks for real systems, I’ll demonstrate such issues on real multi-manager architectures deployed on two commercial FPGA SoC platforms and leveraging fully AXI-compliant managers and the standard AXI library for system interconnect implementation provided by the FPGA vendor. The attacks are also demonstrated on a realistic mixed-critical application scenario inspired by the requirements of modern automotive applications and involving a hardware accelerator for Deep Neural Networks and time-critical hardware accelerators running on a commercial FPGA MPSoC platform nowadays popular for automotive applications.
Finally, I’ll discuss solutions to avoid such attacks and their limitations.
Francesco Restuccia is a postdoctoral researcher at the University of California, San Diego. He received his Ph.D. in Computer Engineering (cum laude) from Scuola Superiore Sant'Anna Pisa in 2021. In 2017 he has been engineering graduate intern at the Fermi National Accelerator Laboratory of Chicago, USA.
His main research interest includes predictability, safety, and security for hardware acceleration on heterogeneous platforms, cyber-physical systems, and time predictable hardware acceleration of deep neural network models on commercial FPGA SoC platforms.