Automatic ILP-based Firewall Insertion for Secure Application-Specific Networks-on-Chip

Next to performance, it becomes increasingly important that Networks-on-Chip (NoCs) also provide security features such as access control, authentication and availability. They are usually implemented by firewalls at the network interfaces (NIs) of the processing elements (PEs). This paper provides a more efficient way to integrate these security requirements into application-specific NoCs by inserting firewalls also between NoC routers. This approach helps to reduce the communication overhead required for the security information in the packet headers, which can consume 3% to 9% of the total communication bandwidth. It is challenging to manually find the optimal firewall configuration because an application-specific NoC has an irregular topology, which is customized for certain known application, e.g. a smartphone chip. Thus, we show how to automatically solve this problem by formulating it as an Integer Linear Programming (ILP) problem. The solution results in firewall positions such that the communication overhead is minimized and all given security requirements are satisfied. Experiments are performed on two industrial system specifications. Compared to the solution with the firewalls at the NIs, communication overhead is reduced by up to 63%. The optimization only takes a few seconds for a standard ILP solver.