Electronics, AFC, Phase I

RISC-V High Assurance FPGA Softcore Aberdeen Architecture

Release Date: 06/11/2024
Solicitation: 24.4
Open Date: 06/26/2024
Topic Number: A244-045
Application Due Date: 07/30/2024
Duration: 6 months
Close Date: 07/30/2024
Amount Up To: $250,000

Objective

The “RISC-V High Assurance FPGA Softcore Aberdeen Architecture” research topic is to create a softcore processor based on the concepts presented in [1]-[7] and the RISC-V [8] instruction set architecture.

Description

The government shall provide Phase I contractor(s) with a non-exclusive, royalty-free, government/commercial-use license for US patents [1]-[2] and pending patent [3] for 10 years to develop an FPGA softcore based on the Aberdeen Architecture. The license is not transferable. The license ends if the company changes ownership, is sold, merges with another company or companies, etc.

Tiwari [9] describes the current performance-at-all-costs approach: “Almost every recent microarchitectural technique is built around the notion of optimizing the common case… if one is protecting a secret or handling untrusted data, every operation performed on that secret will affect those internal states in one way or another. Non-interference requires that those affected internal states are then in no way visible to the other components [all hardware and software]”.

All shared resources result in covert channels leaking information. Malicious actors can modulate shared resources to leak more information. No hardware resource can base decisions on information from more than one process at a time. As early as 1975, Saltzer and Lipner [10] pointed out that covert channels in Multics leak information. In 2005, Bernstein [11] showed how timing information leaks AES key bit information. In 2009, Acıiçmez, et al. [12] illustrated how a branch predictor (a shared hardware resource) can be manipulated or modulated to leak key bit information.

In 2018, the Spectre [13] and Meltdown [14] attacks showed how hardware can be maliciously manipulated to leak information. To truly implement Saltzer and Schroeder’s security principles [15]-[17], the security policy must be enforced from the lowest level of the hardware system architecture. Instruction execution must sit at least one level above the security policy level, i.e. software can neither override nor interact with any aspect of the security policy.

The OS Friendly Microprocessor Architecture, or Redstone Architecture, in [5] describes the cache bank, tag fields, and extended Harvard bus architecture for the Aberdeen Architecture. The Redstone Architecture provides near real-time (a few clock cycles) context switching. This near-zero context switch time offers another alternative to conventional architectures, which are prone to information leakage.

In a traditional computer, an operating system manages the computer system resources. Current microprocessors execute instructions without any verification or authentication: the hardware makes no distinction between safe instructions, coding errors, and malicious instructions. Complete mediation [14] is a computer security principle meaning that access rights and authority are verified for every operation. The Aberdeen Architecture can achieve near-complete mediation for instruction execution [4].

The Aberdeen Architecture is also designed to block information leakage. It uses hardware-level state machine monitors for the trusted computing base. The state machine monitors provide security policies enforcing multiple information flow properties. The Aberdeen Architecture combines several protection methods to create a system security policy where the whole is greater than the individual security policies. The multiple security policies provide overlapping coverage, preventing brittleness and single-point security policy failures.
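As an added illustration (not code from the solicitation, the referenced patents or the ARL reports), the following Python model sketches the two properties described above: complete mediation, where a policy layer examines every instruction before it commits, and hardware-level information-flow tracking, where registers, memory words and the program counter carry security tags. The opcode names, the two-level PUBLIC/SECRET label lattice and the "observable" address range are assumptions made for this example.

```python
PUBLIC, SECRET = 0, 1  # two-level label lattice carried by every register, word and the pc
# Constructed sample: 0x100-0x1FF models an externally observable output region (device buffer).
OBSERVABLE = range(0x100, 0x200)
OPCODES = ("li", "add", "lw", "sw", "beq", "halt")

class PolicyViolation(Exception):
    """Raised by the monitor before the offending instruction commits."""

class TaggedCore:
    def __init__(self, program, secret_addrs=()):
        self.prog, self.pc, self.pctag = program, 0, PUBLIC
        self.regs, self.rtag = [0] * 8, [PUBLIC] * 8
        self.mem, self.mtag = {}, {a: SECRET for a in secret_addrs}
        self.trace = []  # opcodes that actually committed

    def mediate(self, op, args):
        """Policy layer consulted for every instruction; no instruction can bypass it."""
        if op not in OPCODES:
            raise PolicyViolation(f"pc={self.pc}: unknown opcode {op!r} refused")
        if op == "sw" and args[1] in OBSERVABLE and max(self.rtag[args[0]], self.pctag):
            raise PolicyViolation(f"pc={self.pc}: SECRET data flow to 0x{args[1]:x}")
        if op == "beq" and not 0 <= args[2] < len(self.prog):
            raise PolicyViolation(f"pc={self.pc}: branch target {args[2]} outside program")

    def step(self):
        op, *args = self.prog[self.pc]
        self.mediate(op, args)  # check first, commit second
        self.trace.append(op)
        self.pc += 1
        if op == "li":
            self.regs[args[0]], self.rtag[args[0]] = args[1], self.pctag
        elif op == "add":
            rd, a, b = args
            self.regs[rd] = (self.regs[a] + self.regs[b]) & 0xFFFFFFFF
            self.rtag[rd] = max(self.rtag[a], self.rtag[b], self.pctag)
        elif op == "lw":
            self.regs[args[0]] = self.mem.get(args[1], 0)
            self.rtag[args[0]] = max(self.mtag.get(args[1], PUBLIC), self.pctag)
        elif op == "sw":
            self.mem[args[1]] = self.regs[args[0]]
            self.mtag[args[1]] = max(self.rtag[args[0]], self.pctag)
        elif op == "beq":
            a, b, target = args
            self.pctag = max(self.pctag, self.rtag[a], self.rtag[b])  # implicit flow
            if self.regs[a] == self.regs[b]:
                self.pc = target
        return op

    def run(self, limit=1000):
        try:
            while len(self.trace) < limit and self.step() != "halt":
                pass
            return self.trace, None
        except PolicyViolation as err:
            return self.trace, str(err)
```

The run result is the list of committed opcodes plus the stop reason, so a refused store or branch leaves no trace of having executed. The pc tag is never lowered again, which is a simplification of real implicit-flow tracking.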

Phase I

For the Phase I proposal, the research team shall describe the feasibility of developing a softcore Aberdeen Architecture implementation. The offeror shall investigate the high assurance capabilities of information flow tracking and monitoring. The offeror shall investigate state machine monitoring parallelism and the potential for providing very low latency security policies.

The offeror shall investigate the feasibility of creating a software compiler that takes advantage of the Aberdeen Architecture security policies. For the Phase I effort, the offeror shall demonstrate the feasibility and high assurance benefits of the Aberdeen Architecture over a conventional microprocessor. The offeror shall provide a close-out report describing the proposed FPGA softcore architecture and compiler.

Phase II

The research team shall develop an Aberdeen Architecture FPGA softcore implementation and software compiler. The research team shall deliver a year 1 report and a year 2 report describing the Aberdeen Architecture and test results. The research team shall deliver an FPGA softcore and compiler computer architecture report.

Offeror shall propose a demonstration project with government concurrence for the Phase II development effort. Offeror shall deliver to the government point of contact for test and evaluation: 2 prototype Aberdeen Architecture systems, compiler, all codes, software, etc. and licenses for all development tools to build and use the system. Research team shall provide 5 days of on-site training for the system.

Phase III

Offeror shall commercialize Aberdeen Architecture for both government and commercial application spaces. Aberdeen Architecture offers potential benefits across several fields including banking, communications, telecom, medical electronics, aerospace, automotive electronics, and networking.

Submission Information

For more information, and to submit your full proposal package, visit the DSIP Portal.

SBIR|STTR Help Desk: usarmy.sbirsttr@army.mil

References:

  1. P. Jungwirth and P. La Fratta: “OS Friendly Microprocessor Architecture,” US Patent 9,122,610, granted 1 September 2015. https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/9122610
  2. P. Jungwirth: “Computer Security Framework and Hardware Level Computer Security in an Operating System Friendly Microprocessor Architecture,” US Patent 10,572,687, granted 25 February 2020. https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/10572687
  3. P. Jungwirth: “Secure Computer Architecture Using State Machines,” US Patent Application 20220269778, 18 February 2022. https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20220269778
  4. P. Jungwirth: “Aberdeen Architecture: High-Assurance Hardware State Machine Microprocessor Concept,” ARL Technical Report AD1138197, June 2021. https://apps.dtic.mil/sti/trecms/pdf/AD1138197.pdf
  5. P. Jungwirth and P. La Fratta: “OS Friendly Microprocessor Architecture,” ARL Technical Report AD1032088, April 2017. https://apps.dtic.mil/sti/pdfs/AD1032088.pdf
  6. P. Jungwirth, et al.: “Cyber Defense through Hardware Security,” Presentation, Disruptive Technologies in Information Sciences, Paper 10652-22, Orlando, FL, April 2018. https://doi.org/10.1117/12.2302805
  7. P. Jungwirth and J. Ross: “Security Tag Fields and Control Flow Management,” 2019 SoutheastCon, Huntsville, AL, USA, 2019, pp. 1-6. doi: 10.1109/SoutheastCon42311.2019.9020332
  8. A. Waterman: “Design of the RISC-V Instruction Set Architecture,” Thesis, EECS Department, University of California, Berkeley, 2016. http://www2.eecs.berkeley.edu/Pubs/TechRpts/2016/EECS-2016-1.pdf
  9. M. Tiwari, et al.: “Crafting a Usable Microkernel, Processor, and I/O System with Strict and Provable Information Flow Security,” Proceedings of the 38th Annual International Symposium on Computer Architecture (ISCA), San Jose, CA, 4-8 June 2011, pp. 189-200.
  10. S. Lipner: “A Comment on the Confinement Problem,” ACM SIGOPS Operating Systems Review, Vol. 9, No. 5, pp. 192-196, November 1975.
  11. D. J. Bernstein: “Cache-timing attacks on AES,” 2005. https://cr.yp.to/antiforgery/cachetiming-20050414.pdf
  12. O. Acıiçmez, et al.: “Predicting Secret Keys via Branch Prediction,” Cryptographers’ Track at the RSA Conference (CT-RSA 2007), Lecture Notes in Computer Science, vol. 4377, Springer, Berlin, Heidelberg, 2006. https://doi.org/10.1007/11967668_15
  13. P. Kocher, et al.: “Spectre Attacks: Exploiting Speculative Execution,” arXiv (Cornell University Library), 3 January 2018. https://arxiv.org/pdf/1801.01203.pdf
  14. M. Lipp, et al.: “Meltdown,” arXiv (Cornell University Library), 3 January 2018. https://arxiv.org/pdf/1801.01207.pdf
  15. J. Saltzer and M. Schroeder: “The protection of information in computer systems,” Proceedings of the IEEE, Vol. 63, Issue 19, pp. 1278-1308, September 1975.
  16. R. E. Smith: “A Contemporary Look at Saltzer and Schroeder’s 1975 Design Principles,” IEEE Security & Privacy, Vol. 10, Issue 6, pp. 20-25, November 2012. doi: 10.1109/MSP.2012.85. ISSN 1540-7993
  17. H. Shrobe, et al.: “Trust-Management, Intrusion Tolerance, Accountability, and Reconstruction Architecture (TIARA),” Massachusetts Institute of Technology, AFRL Final Technical Report AFRL-RI-RS-TR-2009-271, June 2009. www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA511350
  18. S. Jero, et al.: “TAG: Tagged Architecture Guide,” ACM Computing Surveys, Vol. 55, No. 6, Article 124, 34 pages, June 2023. https://doi.org/10.1145/3533704
