@PHDTHESIS{ 2024:1542617901,
 	title = {Securing applications in noc-based many-core systems : a comprehensive methodology},
 	year = {2024},
 	url = "https://tede2.pucrs.br/tede2/handle/tede/11673",
 	abstract = "Many-core systems on Chip (MCSoCs) achieve high performance through spatial parallelism.They include Processing Elements (PEs) interconnected by complex communication infrastructures as Networks-on-Chip (NoCs). As MCSoCs become widely adopted and their complexity increases, data protection emerges as a critical design requirement. The central research question of this Thesis is: ?how to protect applications running on MCSoCs against security threats?? The literature review identifies various defense techniques, including cryptography, authentication codes, error correction codes, and establishing communication flow profiles to detect anomalous behavior. While these methods protect the MCSoC from specific attacks, there is a gap in proposals of comprehensive protection against a wide range of potential threats (e.g. DoS and Eavesdropping). The first original contribution of this Thesis is a taxonomy that categorizes MCSoC security proposals into five orthogonal criteria: (1) source and type of the threats; (2) countermeasures; (3) application phase where countermeasures are executed; (4) overhead related to the countermeasures; (5) design time or runtime countermeasures. The Opaque Secure Zone (OSZ) is a runtime security mechanism designed for spatial isolation of applications, offering robust protection against external attacks. However, vulnerabilities persist when Hardware Trojans (HTs) infect OSZ routers or the need for secure communication with external IO devices. This Thesis approaches these vulnerabilities, proposing three original technical innovations: (1) Secure Mapping with Access Point (SeMAP): enables the simultaneous mapping of multiple OSZs, protecting secure applications against unauthorized accesses and ensuring the availability of paths to the IO devices using a lightweight authentication protocol; (2) Session Manager: a mechanism for monitoring, detecting, and recovering from attacks or faults disrupting packet delivery; (3) Integrated Security Framework: combines the developed security mechanisms into a comprehensive framework, sending security warnings to a System Manager. A severe attack campaign tested the platform?s resilience, which protected the platform against all attacks. The results showed successful data recovery and correct execution of all applications, with an average execution time penalty of 4.47%. This outcome underscores the effectiveness of the proposed countermeasures, demonstrating that securing applications has low cost in terms of execution time. The silicon area overhead is small, concerning the addition of a control NoC and modules for controlling access to the routers? links",
 	publisher = {Pontif?cia Universidade Cat?lica do Rio Grande do Sul},
 	scholl = {Programa de P?s-Gradua??o em Ci?ncia da Computa??o},
 	note = {Escola Polit?cnica}
}