SIMULATION OF PERIPHERAL DEVICE SECURITY: IMPLEMENTATION AND PRACTICAL EVLUATION OF ADDRESS SPACES PROTECTION IN A TRUSTED MICROPROCESSOR EMULATOR
Managing information security in automated control systems in conditions the growing number of cyber threats requires the development of specialized architecturally resilient solutions. Necessary security can be achieved through the use of trusted microprocessors and systems based on them. During th...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Joint Stock Company "Experimental Scientific and Production Association SPELS
2025-07-01
|
| Series: | Безопасность информационных технологий |
| Subjects: | |
| Online Access: | https://bit.spels.ru/index.php/bit/article/view/1819 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1849329429998731264 |
|---|---|
| author | Mikael A. Kondakhchan Nikita A. Grevtsev Peter A. Chibisov |
| author_facet | Mikael A. Kondakhchan Nikita A. Grevtsev Peter A. Chibisov |
| author_sort | Mikael A. Kondakhchan |
| collection | DOAJ |
| description | Managing information security in automated control systems in conditions the growing number of cyber threats requires the development of specialized architecturally resilient solutions. Necessary security can be achieved through the use of trusted microprocessors and systems based on them. During the design phase of trusted microprocessors for digital control systems, simulation tools are employed to make informed decisions about architectural modifications. The methodology of instruction-level simulation offers unique opportunities for testing security algorithms, including comprehensive functionality verification, optimization of operational parameters, and analysis of cybersecurity mechanisms. This approach aims to predict the operational characteristics of the final product through the analysis of its virtual model, reducing the risk of implementing vulnerable design solutions. Unlike conventional RTL-based design processes, this methodology eliminates the need for lengthy creation and verification stages, thereby minimizing development time and avoiding resource expenditure on suboptimal designs. The objective of this work is to enhance the security of automated control systems for technological processes through the development of architectural solutions based on trusted microprocessors. These solutions incorporate hardware mechanisms for memory resource isolation and provide multi-layered protection. A key focus is placed on implementing an I/O Memory Management Unit (IOMMU) in the simulator, enabling the simulation and testing of unauthorized access prevention scenarios via peripheral devices. The IOMMU block facilitates the isolation or mapping of I/O operations to different address spaces. This paper presents the design and implementation of the IOMMU block, including the pagewalk mechanism, which retrieves translation tables for the translation lookaside buffer (TLB) through stepwise memory accesses. The functioning of the IOMMU in mitigating security threats is demonstrated through practical tests. The methodology was validated using real-world tasks, where a trusted processor simulator successfully booted a Linux operating system with IOMMU support. The correct operation of the memory management unit during I/O operations was confirmed. |
| format | Article |
| id | doaj-art-c62a7f89e2494b3a96e2c784f68c1d89 |
| institution | Kabale University |
| issn | 2074-7128 2074-7136 |
| language | English |
| publishDate | 2025-07-01 |
| publisher | Joint Stock Company "Experimental Scientific and Production Association SPELS |
| record_format | Article |
| series | Безопасность информационных технологий |
| spelling | doaj-art-c62a7f89e2494b3a96e2c784f68c1d892025-08-20T03:47:16ZengJoint Stock Company "Experimental Scientific and Production Association SPELSБезопасность информационных технологий2074-71282074-71362025-07-01323909910.26583/bit.2025.3.071477SIMULATION OF PERIPHERAL DEVICE SECURITY: IMPLEMENTATION AND PRACTICAL EVLUATION OF ADDRESS SPACES PROTECTION IN A TRUSTED MICROPROCESSOR EMULATORMikael A. Kondakhchan0Nikita A. Grevtsev1Peter A. Chibisov2NRC "Kurchatov Institute" – NIISI; National Research Nuclear University MEPhI (Moscow Engineering Physics Institute)NRC "Kurchatov Institute" – NIISINRC "Kurchatov Institute" – NIISIManaging information security in automated control systems in conditions the growing number of cyber threats requires the development of specialized architecturally resilient solutions. Necessary security can be achieved through the use of trusted microprocessors and systems based on them. During the design phase of trusted microprocessors for digital control systems, simulation tools are employed to make informed decisions about architectural modifications. The methodology of instruction-level simulation offers unique opportunities for testing security algorithms, including comprehensive functionality verification, optimization of operational parameters, and analysis of cybersecurity mechanisms. This approach aims to predict the operational characteristics of the final product through the analysis of its virtual model, reducing the risk of implementing vulnerable design solutions. Unlike conventional RTL-based design processes, this methodology eliminates the need for lengthy creation and verification stages, thereby minimizing development time and avoiding resource expenditure on suboptimal designs. The objective of this work is to enhance the security of automated control systems for technological processes through the development of architectural solutions based on trusted microprocessors. These solutions incorporate hardware mechanisms for memory resource isolation and provide multi-layered protection. A key focus is placed on implementing an I/O Memory Management Unit (IOMMU) in the simulator, enabling the simulation and testing of unauthorized access prevention scenarios via peripheral devices. The IOMMU block facilitates the isolation or mapping of I/O operations to different address spaces. This paper presents the design and implementation of the IOMMU block, including the pagewalk mechanism, which retrieves translation tables for the translation lookaside buffer (TLB) through stepwise memory accesses. The functioning of the IOMMU in mitigating security threats is demonstrated through practical tests. The methodology was validated using real-world tasks, where a trusted processor simulator successfully booted a Linux operating system with IOMMU support. The correct operation of the memory management unit during I/O operations was confirmed.https://bit.spels.ru/index.php/bit/article/view/1819iommu, instruction set simulator, architectural modeling, pagewalk, countering cyber threats. |
| spellingShingle | Mikael A. Kondakhchan Nikita A. Grevtsev Peter A. Chibisov SIMULATION OF PERIPHERAL DEVICE SECURITY: IMPLEMENTATION AND PRACTICAL EVLUATION OF ADDRESS SPACES PROTECTION IN A TRUSTED MICROPROCESSOR EMULATOR Безопасность информационных технологий iommu, instruction set simulator, architectural modeling, pagewalk, countering cyber threats. |
| title | SIMULATION OF PERIPHERAL DEVICE SECURITY: IMPLEMENTATION AND PRACTICAL EVLUATION OF ADDRESS SPACES PROTECTION IN A TRUSTED MICROPROCESSOR EMULATOR |
| title_full | SIMULATION OF PERIPHERAL DEVICE SECURITY: IMPLEMENTATION AND PRACTICAL EVLUATION OF ADDRESS SPACES PROTECTION IN A TRUSTED MICROPROCESSOR EMULATOR |
| title_fullStr | SIMULATION OF PERIPHERAL DEVICE SECURITY: IMPLEMENTATION AND PRACTICAL EVLUATION OF ADDRESS SPACES PROTECTION IN A TRUSTED MICROPROCESSOR EMULATOR |
| title_full_unstemmed | SIMULATION OF PERIPHERAL DEVICE SECURITY: IMPLEMENTATION AND PRACTICAL EVLUATION OF ADDRESS SPACES PROTECTION IN A TRUSTED MICROPROCESSOR EMULATOR |
| title_short | SIMULATION OF PERIPHERAL DEVICE SECURITY: IMPLEMENTATION AND PRACTICAL EVLUATION OF ADDRESS SPACES PROTECTION IN A TRUSTED MICROPROCESSOR EMULATOR |
| title_sort | simulation of peripheral device security implementation and practical evluation of address spaces protection in a trusted microprocessor emulator |
| topic | iommu, instruction set simulator, architectural modeling, pagewalk, countering cyber threats. |
| url | https://bit.spels.ru/index.php/bit/article/view/1819 |
| work_keys_str_mv | AT mikaelakondakhchan simulationofperipheraldevicesecurityimplementationandpracticalevluationofaddressspacesprotectioninatrustedmicroprocessoremulator AT nikitaagrevtsev simulationofperipheraldevicesecurityimplementationandpracticalevluationofaddressspacesprotectioninatrustedmicroprocessoremulator AT peterachibisov simulationofperipheraldevicesecurityimplementationandpracticalevluationofaddressspacesprotectioninatrustedmicroprocessoremulator |