TIMBER-V: Tag-Isolated Memory Bringing Fine-grained Enclaves to RISC-V

Embedded computing devices are used on a large scale in the emerging internet of things (IoT). However, their wide deployment raises the incentive for attackers to target these devices, as demonstrated by several recent attacks. As IoT devices are built for long service life, means are required to protect sensitive code in the presence of potential vulnerabilities, which might be discovered long after deployment. Tagged memory has been proposed as a mechanism to enforce various fine-grained security policies at runtime. However, none of the existing tagged memory schemes provides efficient and flexible compartmentalization in terms of isolated execution environments. We present TIMBER-V, a new tagged memory architecture featuring flexible and efficient isolation of code and data on small embedded systems. We overcome several limitations of previous schemes. We augment tag isolation with a memory protection unit to isolate individual processes, while maintaining low memory overhead. TIMBER-V significantly reduces the problem of memory fragmentation, and improves dynamic reuse of untrusted memory across security boundaries. TIMBER-V enables novel sharing of execution stacks across different security domains, in addition to interleaved heaps. TIMBER-V is compatible to existing code, supports real-time constraints and is open source. We show the efficiency of TIMBER-V by evaluating our proofof-concept implementation on the RISC-V simulator.

[1]  Frederic T. Chong,et al.  Minos: Architectural support for protecting control data , 2006, TACO.

[2]  Vijay Varadharajan,et al.  TrustLite: a security architecture for tiny embedded devices , 2014, EuroSys '14.

[3]  Edward A. Feustel,et al.  The Rice research computer: a tagged architecture , 1972, AFIPS '72 (Spring).

[4]  Xiaoyu Ruan Boot with Integrity, or Don’t Boot , 2014 .

[5]  Christoforos E. Kozyrakis,et al.  Decoupling Dynamic Information Flow Tracking with a dedicated coprocessor , 2009, 2009 IEEE/IFIP International Conference on Dependable Systems & Networks.

[6]  David Brumley,et al.  All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask) , 2010, 2010 IEEE Symposium on Security and Privacy.

[7]  R. Stephenson A and V , 1962, The British journal of ophthalmology.

[8]  K. J. Bma Integrity considerations for secure computer systems , 1977 .

[9]  Johannes Götzfried,et al.  Sancus 2.0 , 2017, ACM Trans. Priv. Secur..

[10]  Ruby B. Lee,et al.  Scalable architectural support for trusted software , 2010, HPCA - 16 2010 The Sixteenth International Symposium on High-Performance Computer Architecture.

[11]  Peter G. Neumann,et al.  Efficient Tagged Memory , 2017, 2017 IEEE International Conference on Computer Design (ICCD).

[12]  Michael Norrish,et al.  seL4: formal verification of an operating-system kernel , 2010, Commun. ACM.

[13]  Konstantin Serebryany,et al.  MemorySanitizer: Fast detector of uninitialized memory use in C++ , 2015, 2015 IEEE/ACM International Symposium on Code Generation and Optimization (CGO).

[14]  Tsuyoshi Murata,et al.  {m , 1934, ACML.

[15]  G. Edward Suh,et al.  High-performance parallel accelerator for flexible and efficient run-time monitoring , 2012, IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2012).

[16]  Guru Venkataramani,et al.  FlexiTaint: A programmable accelerator for dynamic taint propagation , 2008, 2008 IEEE 14th International Symposium on High Performance Computer Architecture.

[17]  Daniel J. Bernstein,et al.  Cache-timing attacks on AES , 2005 .

[18]  Carlos V. Rozas,et al.  Innovative instructions and software model for isolated execution , 2013, HASP '13.

[19]  Ahmad-Reza Sadeghi,et al.  TyTAN: Tiny trust anchor for tiny devices , 2015, 2015 52nd ACM/EDAC/IEEE Design Automation Conference (DAC).

[20]  Benjamin C. Pierce,et al.  The Meaning of Memory Safety , 2017, POST.

[21]  Peter G. Neumann,et al.  CHERI: A Hybrid Capability-System Architecture for Scalable Software Compartmentalization , 2015, 2015 IEEE Symposium on Security and Privacy.

[22]  Gene Tsudik,et al.  SMART: Secure and Minimal Architecture for (Establishing Dynamic) Root of Trust , 2012, NDSS.

[23]  G. Edward Suh,et al.  AEGIS: architecture for tamper-evident and tamper-resistant processing , 2003 .

[24]  Johannes Götzfried,et al.  Hardware-Based Trusted Computing Architectures for Isolation and Attestation , 2018, IEEE Transactions on Computers.

[25]  Christoforos E. Kozyrakis,et al.  Hardware Enforcement of Application Security Policies Using Tagged Memory , 2008, OSDI.

[26]  Milo M. K. Martin,et al.  Hardbound: architectural support for spatial safety of the C programming language , 2008, ASPLOS.

[27]  Derek Bruening,et al.  AddressSanitizer: A Fast Address Sanity Checker , 2012, USENIX Annual Technical Conference.

[28]  Srinivas Devadas,et al.  Sanctum: Minimal Hardware Extensions for Strong Software Isolation , 2016, USENIX Security Symposium.

[29]  David Zhang,et al.  Secure program execution via dynamic information flow tracking , 2004, ASPLOS XI.

[30]  Christoforos E. Kozyrakis,et al.  Raksha: a flexible information flow architecture for software security , 2007, ISCA '07.

[31]  Koen De Bosschere,et al.  Practical Mitigations for Timing-Based Side-Channel Attacks on Modern x86 Processors , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[32]  Imran Zakria “BITS?” , 2008, BMJ : British Medical Journal.

[33]  Krste Asanovic,et al.  Mondrian memory protection , 2002, ASPLOS X.

[34]  Adi Shamir,et al.  IoT Goes Nuclear: Creating a ZigBee Chain Reaction , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[35]  Babak Falsafi,et al.  Flexible Hardware Acceleration for Instruction-Grain Lifeguards , 2009, IEEE Micro.

[36]  Yunsup Lee,et al.  The RISC-V Instruction Set Manual , 2014 .

[37]  Yunheung Paek,et al.  HDFI: Hardware-Assisted Data-Flow Isolation , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[38]  Nael B. Abu-Ghazaleh,et al.  Iso-X: A Flexible Architecture for Hardware-Managed Isolated Execution , 2014, 2014 47th Annual IEEE/ACM International Symposium on Microarchitecture.