ABSTRACT. The operating system's traditional design controls and manages all system resources, which comes at the cost of performance and scalability overhead. The scalability overhead results from the kernel's internal metadata structures and locks primarily designed for sequential access. Additionally, implementing software services and resource management requires compliance with the strict kernel abstractions and programming paradigms that can result in semantic bugs. Although plausible, decoupling from the strict kernel control path and code stack comes at the penalty of losing a higher trust entity to enforce protection separation and protection of user code and data. This paper offers a hardware-assisted method to run confined user-space functions at a higher privilege level. Our method allows the implementation of fined-grained user-level services and protocols without modifying the operating system's protection scheme. This is done by introducing two high-level instructions to the x86 ISA. Our simulation shows that user-level functions that leverage our instructions run in the same order as standard function calls, while the real benefit lies in the flexibility and ability to decouple the protected code from the kernel limitations.

ABSTRACT. The increasing amount of logic resources in FPGA architectures has enabled the realization of larger and more complex designs. Today, most of the large-scale designs rely heavily on off-the-shelf Intellectual Property Cores (IP Cores) to ease their development. This dependency raises an important issue: the unlicensed use of IP Cores. In this paper, we utilize LUT contents, which represent the functionality of an IP Core, as a signature to determine if a core might be part of an accused design. For this, we present a technique to reconstruct the contained LUT contents from modern FPGA configurations which not only contain 6-input one-output LUTs but also 5-input two-output LUTs. By making use of LUT decomposition together with a fast Boolean matching algorithm, we consolidate the work for commercial architectures. The proposed method is evaluated using 8 IP Cores to find in 4 different designs using two different architectures. Our findings show a 100% identification rate with no false-positives or false-negatives for all experiments carried out. Especially the presence of larger cores can be established with a difference of up to 10% between true and false positives.

ABSTRACT. In the last years, System-on-Chip (SoC)-FPGAs have been widely used in Mixed-Criticality Systems, where multiple applications with different criticality domains are executed. In these systems, it is essential to guarantee isolation between the associated memory regions and peripherals of different application domains. Most high-performance SoC-FPGAs already provide hardware components for supporting isolation. By contrast, low-cost SoC-FPGAs usually don't have any mechanism for guaranteeing isolation. In this paper, we investigate the problem of hardware spatial isolation in low-cost SoC-FPGAs. First, we point out the issues and the limitations given by the fixed components in the Processing System and show how to address them. Second, we propose a Protection Unit, which is a lightweight hardware architecture for AXI communication that ensures memory and peripheral isolation between masters of different protection domains. The proposed architecture can be instantiated either on the master or on the slave side of an AXI interconnection. In addition, it is scalable from 1 to 16 memory regions, and application domains and policies are set up at run-time. We implement our architecture on the SoC-FPGA XC7Z020, where a Microblaze soft-core and the Arm Cortex-A9 are used simultaneously for different application domains. In the proposed implementation, the Protection Unit is implemented in combinatorial logic, and its execution does not contribute to the critical path. Therefore, it adds zero latency for the single communication transition and uses only 0,5% lookup tables and 0,1% flip-flops of the target SoC-FPGA.

ABSTRACT. Memristors are receiving a growing attention for many differentapplication areas in computer engineering. Besides replacement for main memory and storage class memory they can also be used as configuration memory in FPGAs. Unfortunately, memristors will not be 100 % defect free. This paper first categorizes the different types of errors that memristors can exhibit. Then it is shown how configuration memory can be built in FPGAs using memristors. Using these defect types and configuration memory implementations, the influence of these defects on the operation of FPGAs is analyzed. We carry out this novel analysis with respect to logic implementation and with respect to the routing architecture. It turns out that the respective choices of current FPGAs are not well suited for memristor based configuration memory since even 1 % defect rate among the memristors prevents successful implementation of any of our benchmarks.

ABSTRACT. The interest of the space industry in Real-Time Operating Systems for achieving stringent real-time requirements is drastically increasing. Among the different available hardware architectures, the solution of RTOS implemented on soft processors embedded in programmable devices is one of the most efficient and flexible solutions for mission deployment. However, radiation-induced failures are a severe concern affecting the reliability of electronic systems in space applications. In this paper, we investigate the impact of radiation-induced architectural faults affecting the reliability of applications running on a Xilinx Microblaze embedded soft-processor within the FreeRTOS Operating System. We developed a fault model through a proton radiation test, while the effects of the faults are evaluated in terms of Mean Time To Failure and Mean Time To Executions, by a fault injection campaign using detected fault models. Finally, the occurrence and contribution to the error rate of specific MBUs events based on different shapes and sizes are evaluated through dedicated fault injection campaigns.