Abstract
Consistency and traceability are the highest priorities of the system architect in the world of high-assurance processing. Developing such a system requires high-assurance software and hardware working together in a cohesive, well-defined manner. To achieve and sustain high assurance, the system must be able to continuously check and verify correct hardware and software operation and execution. Software achieves high reliability through well-defined security policies and intensive evaluation that is verified by formal methods, including formal models, compliance verification of code, regression test selection, and requirements validation. The development of the Multiple Independent Levels of Security (MILS) architecture is one example of an effective way to produce a reliable software subsystem that can be formally verified and validated. Hardware systems present a completely different paradigm for high-assurance processing. In hardware development the architect must take into account potential weaknesses in the hardware arising from physical variables. These weaknesses can come from a variety of sources, including fluctuations in power supply levels and temperature, Single Event Upsets (SEUs), process variations during manufacturing, and material deterioration over time. In addition, in high-assurance processing, external malicious probing and tampering is always a concern. When developing the system, the architect must take all of these possible scenarios into consideration. For embedded systems, the Xilinx FX families of Field Programmable Gate Arrays (FPGAs) have a PPC processor embedded in the reconfigurable fabric, and the larger devices in the FX family have two PPC processors. With two processors in a single FPGA, the system architect has the unique ability to develop a system with built-in error detection for most physical inconsistencies. This comes from the ability to configure the two PPC processors embedded in the reconfigurable fabric to operate in a Tightly Coupled Dual Processor Lock-Step. This paper outlines, from an architectural view, the method and the benefits of using multiple processors in a single piece of reconfigurable logic to protect a system from physical variables, creating a solid platform for high-assurance computing applications.
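The detection mechanism the abstract refers to is a cycle-by-cycle comparison of two identical cores executing the same instruction stream. The following C model is an added illustration, not code from the paper or from any Xilinx design: the toy core, the constructed program ROM and the injected single-bit upset are all assumptions made here to show how a lock-step comparator flags a divergence on the cycle it first becomes visible.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a tightly coupled dual-processor lock-step:
 * two identical cores step clock-for-clock through the same program,
 * and a comparator checks their architecturally visible state every
 * cycle. A real design compares bus/register outputs in fabric logic;
 * here the "core" is a toy accumulator so the idea can run on a host. */

#define ROM_LEN 8
/* Constructed program ROM (values are arbitrary sample data). */
const uint32_t PROGRAM[ROM_LEN] = {7, 13, 0x55, 99, 2, 0x1000, 17, 3};

typedef struct { uint32_t acc; uint32_t pc; } core_t;

/* One clock of the toy core: mix the next ROM word into the accumulator. */
static void core_step(core_t *c, const uint32_t *rom) {
    c->acc = c->acc * 1664525u + rom[c->pc % ROM_LEN];
    c->pc++;
}

/* Run both cores in lock-step for `cycles` clocks.
 * fault_cycle/fault_bit: inject a single-bit flip (a modelled SEU) into
 * core B's accumulator on that cycle; fault_cycle < 0 disables injection.
 * Returns the cycle index on which the comparator first sees a mismatch,
 * or -1 if the cores agreed on every cycle. */
int lockstep_run(const uint32_t *rom, int cycles, int fault_cycle, int fault_bit) {
    core_t a = {0, 0}, b = {0, 0};
    for (int cyc = 0; cyc < cycles; cyc++) {
        core_step(&a, rom);
        core_step(&b, rom);
        if (cyc == fault_cycle)
            b.acc ^= (1u << (fault_bit & 31));   /* constructed SEU in core B */
        /* Comparator: any difference in visible state is a detected fault.
         * In hardware this would halt both cores and raise an error signal. */
        if (a.acc != b.acc || a.pc != b.pc)
            return cyc;
    }
    return -1;
}

int main(void) {
    printf("clean run, first mismatch cycle: %d\n",
           lockstep_run(PROGRAM, ROM_LEN, -1, 0));
    printf("SEU at cycle 3, first mismatch cycle: %d\n",
           lockstep_run(PROGRAM, ROM_LEN, 3, 5));
    return 0;
}
```

Because the two cores share identical state until the upset, the comparator catches the flip on the very cycle it occurs; a flip that corrupts only the program counter is detected the same way, since both fields are compared.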