Enforcing memory policy specifications in reconfigurable hardware

While general-purpose processor based systems are built to enforce memory protection to prevent the unintended sharing of data between processes, current systems built around reconfigurable hardware typically offer no such protection. Several reconfigurable cores are often integrated onto a single chip where they share external resources such as memory. While this enables small form factor and low cost designs, it opens up the opportunity for modules to intercept or even interfere with the operation of one another. We investigate the design and synthesis of an FPGA memory protection mechanism capable of enforcing access control policies and a methodology for translating formal policy descriptions into FPGA enforcement mechanisms. The efficiency of our access language design flow is evaluated in terms of area and cycle time across a variety of security scenarios. We also describe a technique for ensuring that the internal state of the reference monitor cannot be used as a covert storage channel.