CWE

Common Weakness Enumeration

A Community-Developed List of Software & Hardware Weakness Types

2021 CWE Most Important Hardware Weaknesses
CWE Top 25 Most Dangerous Weaknesses
Home > CWE List > CWE- Individual Dictionary Definition (4.7)  
ID

CWE-1331: Improper Isolation of Shared Resources in Network On Chip (NoC)

Weakness ID: 1331
Abstraction: Base
Structure: Simple
Presentation Filter:
+ Description
The Network On Chip (NoC) does not isolate or incorrectly isolates its on-chip-fabric and internal resources such that they are shared between trusted and untrusted agents, creating timing channels.
+ Extended Description

Typically, network on chips (NoC) have many internal resources that are shared between packets from different trust domains. These resources include internal buffers, crossbars and switches, individual ports, and channels. The sharing of resources causes contention and introduces interference between differently trusted domains, which poses a security threat via a timing channel, allowing attackers to infer data that belongs to a trusted agent. This may also result in introducing network interference, resulting in degraded throughput and latency.

+ Relationships
Section HelpThis table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined as ChildOf, ParentOf, MemberOf and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as PeerOf and CanAlsoBe are defined to show similar weaknesses that the user may want to explore.
+ Relevant to the view "Research Concepts" (CWE-1000)
NatureTypeIDName
ChildOfClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.668Exposure of Resource to Wrong Sphere
ChildOfBaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.653Improper Isolation or Compartmentalization
PeerOfBaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.1189Improper Isolation of Shared Resources on System-on-a-Chip (SoC)
Section HelpThis table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined as ChildOf, ParentOf, MemberOf and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as PeerOf and CanAlsoBe are defined to show similar weaknesses that the user may want to explore.
+ Relevant to the view "Hardware Design" (CWE-1194)
NatureTypeIDName
MemberOfCategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic.1203Peripherals, On-chip Fabric, and Interface/IO Problems
PeerOfBaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.1189Improper Isolation of Shared Resources on System-on-a-Chip (SoC)
+ Background Details

"Network-on-chip" (NoC) is a commonly-used term used for hardware interconnect fabrics used by multicore Systems-on-Chip (SoC). Communication between modules on the chip uses packet-based methods, with improved efficiency and scalability compared to bus architectures [REF-1241].

+ Modes Of Introduction
Section HelpThe different Modes of Introduction provide information about how and when this weakness may be introduced. The Phase identifies a point in the life cycle at which introduction may occur, while the Note provides a typical scenario related to introduction during the given phase.
PhaseNote
Architecture and Design
Implementation
+ Applicable Platforms
Section HelpThis listing shows possible areas for which the given weakness could appear. These may be for specific named Languages, Operating Systems, Architectures, Paradigms, Technologies, or a class of such platforms. The platform is listed along with how frequently the given weakness appears for that instance.

Languages

Class: Language-Independent (Undetermined Prevalence)

Operating Systems

Class: OS-Independent (Undetermined Prevalence)

Architectures

Class: Architecture-Independent (Undetermined Prevalence)

Technologies

Security (Undetermined Prevalence)

Class: Technology-Independent (Undetermined Prevalence)

+ Common Consequences
Section HelpThis table specifies different individual consequences associated with the weakness. The Scope identifies the application security area that is violated, while the Impact describes the negative technical impact that arises if an adversary succeeds in exploiting this weakness. The Likelihood provides information about how likely the specific consequence is expected to be seen relative to the other consequences in the list. For example, there may be high likelihood that a weakness will be exploited to achieve a certain impact, but a low likelihood that it will be exploited to achieve a different impact.
ScopeImpactLikelihood
Confidentiality
Availability

Technical Impact: DoS: Resource Consumption (Other); Varies by Context; Other

Attackers may infer data that belongs to a trusted agent; the methods used to perform this attack may result in noticeably increased resource consumption.
Medium
+ Demonstrative Examples

Example 1

Consider a NoC that implements a one-dimensional mesh network with four nodes. This supports two flows: Flow A from node 0 to node 3 (via node 1 and node 2) and Flow B from node 1 to node 2. Flows A and B share a common link between Node 1 and Node 2. Only one flow can use the link in each cycle.

One of the masters to this NoC implements a cryptographic algorithm (RSA), and another master to the NoC is a core that can be exercised by an attacker. The RSA algorithm performs a modulo multiplication of two large numbers and depends on each bit of the secret key. The algorithm examines each bit in the secret key and only performs multiplication if the bit is 1. This algorithm is known to be prone to timing attacks. Whenever RSA performs multiplication, there is additional network traffic to the memory controller. One of the reasons for this is cache conflicts.

Since this is a one-dimensional mesh, only one flow can use the link in each cycle. Also, packets from the attack program and the RSA program share the output port of the network-on-chip. This contention results in network interference, and the throughput and latency of one flow can be affected by the other flow's demand.

(attack code)
 
The attacker runs a loop program on the core they control, and this causes a cache miss in every iteration for the RSA algorithm. Thus, by observing network-traffic bandwidth and timing, the attack program can determine when the RSA algorithm is doing a multiply operation (i.e., when the secret key bit is 1) and eventually extract the entire, secret key.

There may be different ways to fix this particular weakness.

(good code)
Example Language: Other 
Implement priority-based arbitration inside the NoC and have dedicated buffers or virtual channels for routing secret data from trusted agents.
+ Potential Mitigations

Phases: Architecture and Design; Implementation

Implement priority-based arbitration inside the NoC and have dedicated buffers or virtual channels for routing secret data from trusted agents.
+ Weakness Ordinalities
OrdinalityDescription
Primary
(where the weakness exists independent of other weaknesses)
+ Detection Methods

Manual Analysis

Providing marker flags to send through the interfaces coupled with examination of which users are able to read or manipulate the flags will help verify that the proper isolation has been achieved and is effective.

Effectiveness: Moderate

+ References
[REF-1155] Hassan M. G. Wassel, Ying Gao, Jason K. Oberg, Tedd Huffmire, Ryan Kastner, Frederic T. Chong, Timothy Sherwood. "SurfNoC: A Low Latency and Provably Non-Interfering Approach to Secure Networks-On-Chip". 2013. <http://cseweb.ucsd.edu/~kastner/papers/isca13-surfNOC.pdf>.
[REF-1241] Wikipedia. "Network on a chip". 2021-10-24. <https://en.wikipedia.org/wiki/Network_on_a_chip>.
[REF-1242] Subodha Charles and Prabhat Mishra. "A Survey of Network-on-Chip Security Attacks and Countermeasures". ACM Computing Surveys. 2021-10-24. 2021-05. <https://dl.acm.org/doi/fullHtml/10.1145/3450964>.
[REF-1245] Subodha Charles. "Design of Secure and Trustworthy Network-on-chip Architectures". 2020. <https://www.cise.ufl.edu/research/cad/Publications/charlesThesis.pdf>.
+ Content History
+ Submissions
Submission DateSubmitterOrganization
2020-05-23Arun Kanuparthi, Hareesh Khattri, Parbati K. MannaIntel Corporation
+ Contributions
Contribution DateContributorOrganization
2021-10-22Hareesh KhattriIntel Corporation
provided references and background information
+ Modifications
Modification DateModifierOrganization
2021-10-28CWE Content TeamMITRE
updated Background_Details, Demonstrative_Examples, Description, Detection_Factors, Name, References, Relationships, Weakness_Ordinalities
2022-04-28CWE Content TeamMITRE
updated Applicable_Platforms, References
+ Previous Entry Names
Change DatePrevious Entry Name
2021-10-28Improper Isolation of Shared Resources in Network On Chip
More information is available — Please select a different filter.
Page Last Updated: April 28, 2022