The use of embedded systems and the amount of data they process is rapidly growing in the modern information age. Given physical access to a device, an attacker can monitor the signals between the CPU and Memory to intercept, and possibly even inject new data into the system. A variety of attacks are possible including, replay, spoofing, and splicing attacks, each one threatening the safety of the system. Ensuring this data is intact is imperative, and as physical protection is difficult, data protection hardware is a must. Protecting memory was researched in the past, and there are several methods of achieving it, with techniques such as memory encryption, memory hashes, and message authentication codes. While these achieve the desired effect, they do it at the cost of performance, memory usage, and additional hardware. To overcome these concerns, authentication tree designs have been proposed to protect memory with reduced overhead. For example, static tree designs such as TEC-Trees have been proven effective in the past, but have limited performance in certain access patterns (workloads). Most recently proposed dynamically balanced trees provide an additional solution with improved performance in certain workloads, however; with its own additional limitations. This research built on the top of the dynamic tree design by integrating tree node caches and evaluating the improved viability of the dynamic authentication tree (DAT) approach. The design was implemented on a Xilinx Zynq-7000 SoC that used a hard processing system core to communicate with the fabric-based memory protection controller. The addition of caches to the dynamic authentication tree design increased the performance enough to perform similarly to TEC-Trees. As expected, in certain memory access patterns, such as those that repeatedly accessed a group of common memory locations, the cache-added DAT was able to outperform both the original design, and TEC-Tree based designs.

Library of Congress Subject Headings

Computer storage devices--Security measures; Data encryption--Computer science; Computer input-output equipment

Publication Date


Document Type


Student Type


Degree Name

Computer Engineering (MS)

Department, Program, or Center

Computer Engineering (KGCOE)


Marcin Lukowiak

Advisor/Committee Member

Corey Merkel

Advisor/Committee Member

Stanislaw Radziszowski


RIT – Main Campus

Plan Codes