COMP3211/9211 Application Specific Processor
Application Specific Processor
Hello, dear friend, you can consult us at any time if you have any questions, add WeChat: THEend8_
COMP3211/9211 Computer Architecture Project
Application Specific Processor (ASP)
This project is to be completed by your lab groups.
Deliverables for this project contribute to the group report due on Monday, April 22 (see
the Assessments section for details).
General Description
Data integrity is important to the security of networked computing systems. The data
processed in a processor system may be tarred by soft errors (for example, a
temporary condition in DRAM can unintendedly alter stored data). Furthermore, when
transferred over the network, the data can be under integrity attack by adversaries.
This project is to design an application specific processor (ASP) that offers a double-
layer protection: soft error detection (layer 1) and integrity attack detection (layer 2), as
illustrated in Figure 1. The ASP sits between a processor system and a network to
make sure that 1) the data sent out to the network is soft-error free, and 2) the data
received from the network and to be used by the destination processor is not tampered.
network
Processor system B
Layer 1:
Soft Error Detection
Tagging
ASP
D: data
P: parity of D
T: tag of D
Authentication
D||T
D
soft errors
integrity
attack
Processor system A
D||P
D||T
Layer 1:
Soft Error Detection
Tagging
D
ASP
Authentication
soft errors
Layer 2: Layer 2:
Figure 1: General Overview of ASPs in Networked Processor Systems. The blue lines
highlight the data flow from Processor System A to Processor System B through the
protection layers. The data flow from B to A is shown in purple lines.
Many approaches exist for detecting soft errors and for checking data integrity. Below
are some simplified designs for each layer.
2
Layer 1: Soft Error Detection
Since soft error is not induced by malicious action and the probability of multi-bit error is
very low, we use a parity-based design for 1-bit soft error detection, as shown in Figure
2, where the parity bit (P) of data (D) is generated by the (sender) processor system.
Upon receiving both data and the parity bit, the ASP checks the data based on the parity
bit. If the parity bit of the received data is the same as the received parity bit, the data is
deemed as error free and will be passed to the next protection layer (i.e. Layer 2);
Otherwise, the data is considered to have soft error and an alert to the processor system
is generated for retransmission.
Parity Calculation
P = Parity(D)
P = P?
yes
no
Processor System A
D||P
error alert
data dropped
D
Layer 1
Soft Error Detection
Layer 2
Figure 2: Layer 1. The soft error detection based on parity bit.
Layer 2: Integrity Attack Detection
For the integrity attack, because it is often skillfully crafted by the attacker, we need to
use a relatively sophisticated approach to counter the attack.
tag
generation
D
D||T
T T?
||
tag
generation
yes
no
Tagging
Network
Authentication
Layer 1 (Processor System A)
T
D||T
T
attack alert
data dropped
Processor System B
D
D
T
Layer 2 Integrity Attack Detection
(a) (b)
Figure 3: Layer 2. The design consists of two components (a) tagging for the data to be
sent (b) authentication for the data received.
3
Our design for this layer uses a tag-based approach. It consists of two operational
components: 1) Tagging, to attach a tag to the data to be sent to the network, and 2)
Authentication, to check the integrity of the data received from the network. Both
components work together (one from the sender’s processor system and another from
the receiver’s processor system) for integrity attack detection, as shown in Figure 3.
It must be pointed out that the ASP attached to a processor system contains both
components (tagging and authentication) for in and out data (see Figure 1 for an
overview picture). And both components can perform concurrently.
For each data transfer, the ASP on the sender side generates a tag, and sends both the
data and its tag to the receiver. On the receiver side, a new tag, T’, is computed based
on the received data and is then compared with the received tag, T. If they are the same,
the received data is accepted and an acknowledgement will be sent to the sender;
otherwise, the data is dropped, and an alert is recorded, which will be used later for
security analysis. If no acknowledgement is received after a time-out, the sender can
either redo or abort the data transmission.
D3 D2 D1 D0
BF
A3 A2 A1 A0
RLS(r3) RLS(r2) RLS(r1) RLS(r0)
B3 B2 B1 B0
XOR
tag
data
( a )
01000011 01001111 01001101 01010000
BF
10111100 10110000 01001101 10101111
RLS(r3) RLS(r2) RLS(r1) RLS(r0)
00101111 10110000 11010100 01011111
XOR
00010100
COMP
110 000 100 001
r3 r2 r1 r0
( b )
( c )
2 0
r0
5 3
r1
8 6
r2
11 9
r3BF(3-0)
15 12
1101
BF
Figure 4: (a) Tag Generation Scheme (b) 16-bit Secret Key (c) Example
Both the sender and the receiver use the same tag generation scheme. Figure 4(a)
shows a simple design, where data is partitioned into blocks and the block size is the
same as the tag size. The scheme consists of three operations: block flip (BF), rotate-
left-shift (RLS), and logic XOR, as indicated by the shaded blocks in the figure, which is
further explained below.
Assume the input data to be tagged is four bytes long, denoted as D3-D0, and that the
tag size is 8 bits. For each block Di (i=0,..,3), it is first bitwise-flipped if BF(i)=1; then
4
operation RLS(ri) rotate-left-shifts the block (Ai) ri bits. The resulting four blocks, B3-B0,
are finally XORed to form a tag value for the input data.
The control values BF(i) and ri for the BF and shift operations are given in a secret key,
as shown in Figure 4(b). The key is only known to the sender and the receiver.
For illustration, Figure 4(c) shows how tag value, “00010100”, is generated for the ASCII
string “COMP” with the secret key 1101101000100001.
Requirements:
For this project, you need to build an ASP processor. Specifically, you are required to
• design an instruction set architecture that is efficient, easy to implement, and
allows for both the soft error detection and data authentication to be completed
as fast as possible,
• build a pipelined processor for your instruction set,
• devise a few test cases to verify your design for at least two different tag sizes
(e.g. 4 bits, 8 bits) and input data sizes (e.g. 16 bits, 32 bits), and
• analyse the performance and implementation cost of your design.
Here, we assume the inputs to the processor are stored in a text file; the code and other
data, such as the secret key and outputs generated from the processor, are stored in
memory.
Note:
• Use of cache is optional.
• For any information not given in this specification but you think is necessary in
your design, you can make reasonable assumptions.
Guide to project development:
Each project group is required to make a detailed project development plan which
includes:
• tasks that need to be performed in order to complete this project,
• the schedule of the tasks,
• the role of each member for these tasks,
• the test method for each task,
• a project management strategy to ensure that the project work is carried out
smoothly and completed on time with a quality as good as possible.
5
Assessments (total 100 marks)
The assessment for each group consists of
• group presentation (30%)
o assessed by the peers in your TLB class in Week 10. Each group will be
given 25 mins.
o A form will be available for the peer assessment.
• lab demonstration (50%)
o assessed by the tutor in your TLB class in Week 10.
• report (20%)
o Give submission of code and report due on Monday (11:59pm), Week 11
(April 22)
▪ zip your Vivado project and the project report. Each group only
needs to submit one copy. The submission system will be set up
on the Assignment page of the course website in Week 10.
o Note: Report is a written form of the project design. It should be extensive
in content, effective in use of figures and tables, and concise and succinct
in description.
In addition, each member needs to submit a form about the contribution of each member
(including yourself) in your group before Friday Week 11 (11:59pm Thursday). On
submission of this form, make sure the contributions of all members add up to 100%.
The calculation of your individual marks for the assignment is based on two components:
the mark of whole group (G) and your relative contribution (C). It is calculated as G*C
but capped by 100, as demonstrated in the following two examples:
• For a group of four members, if everyone contributes equally and the group has a
mark of 90, each member’s mark will be min{90*(100%/4)/(100%/4), 100}=90.
• For a group of four members with a group mark of 70, if individual contributions
are 10%, 20%, 20%, and 50%, respectively, the one with the highest contribution
will receive a mark of min{70*50%/(100%/4), 100}=100.