Skip to Main content Skip to Navigation

Architecture de sécurité dynamique pour systèmes multiprocesseurs intégrés sur puce

Joël Porquet 1
1 ALSOC - Architecture et Logiciels pour Systèmes Embarqués sur Puce
LIP6 - Laboratoire d'Informatique de Paris 6
Abstract : This thesis presents the multi-compartment approach. This approach enables a secure and flexible co-hosting of multiple autonomous software stacks within a same multiprocessor system-on-a-chip. In the field of multimedia oriented consumer devices, such autonomous software stacks generally represent the assets of the different stakeholders. These stakeholders, chips and set-top boxes manufacturers, network operators, content providers and customers, do not necessarily trust each other. Hence, the requirement to find a means to execute those software stacks together, while enforcing a certain degree of isolation. Multimedia chips are heavily heterogeneous -- a few general purpose processors are assisted by numerous specialized processors or coprocessors -- and follow a shared memory policy. These hardware specificities make it difficult, and even impossible, to solve this problematic with recent co-hosting techniques only (e.g. virtualization). The multi-compartment approach consists in a new trust model, more flexible and generic than the current ones. It allows various software stacks to run securely and simultaneously on heterogeneous hardware platforms. In particular, the core of the proposed approach is composed of a global mechanism for protection. Such a mechanism is responsible for the secure sharing of the single address space and is placed within the interconnect to ensure the best control. The multi-compartment approach also presents solutions for sharing peripheral devices, and more precisely DMA capable devices, among software stacks. Finally, the approach introduces solutions for the hardware interrupts redirection problem, a collateral aspect to the peripheral devices sharing. The main building blocks of the proposed hardware and software solutions are implemented along with the conception of an experimental platform, under the form of a virtual prototype. In addition to validating the approach, the platform is measured in terms of cost, performance and hardware surface. Considering both aspects, the obtained results show the cost is negligible.
Document type :
Complete list of metadatas

Cited literature [1 references]  Display  Hide  Download
Contributor : Joël Porquet <>
Submitted on : Monday, March 7, 2011 - 10:56:24 AM
Last modification on : Friday, January 8, 2021 - 5:32:09 PM
Long-term archiving on: : Saturday, December 3, 2016 - 5:26:41 PM


  • HAL Id : tel-00574088, version 1


Joël Porquet. Architecture de sécurité dynamique pour systèmes multiprocesseurs intégrés sur puce. Informatique [cs]. Université Pierre et Marie Curie - Paris VI, 2010. Français. ⟨tel-00574088⟩



Record views


Files downloads