A Survey of Microarchitecture Support for Embedded Processor Security

The number of attacks on embedded processors is on the rise. Attackers exploit vulnerabilities in the software to launch new attacks and get unauthorized access to sensitive information stored in these devices. Several solutions have been proposed by both the academia and the industry to protect the programs running on these embedded-processor based computer systems. After a description of the several attacks that threaten a computer system, this paper surveys existing defenses - software-based and hardware-based (watchdog checkers, integrity trees, memory encryption, and modification of processor architecture), that protect against such attacks. This paper also provides a comparative discussion of their advantages and disadvantages.

[1]  Mihai Budiu,et al.  Control-flow integrity principles, implementations, and applications , 2009, TSEC.

[2]  Miodrag Potkonjak,et al.  Enabling trusted software integrity , 2002, ASPLOS X.

[3]  Sean W. Smith,et al.  Building the IBM 4758 Secure Coprocessor , 2001, Computer.

[4]  Ruby B. Lee,et al.  Runtime execution monitoring (REM) to detect and prevent malicious code execution , 2004, IEEE International Conference on Computer Design: VLSI in Computers and Processors, 2004. ICCD 2004. Proceedings..

[5]  Crispan Cowan,et al.  StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks , 1998, USENIX Security Symposium.

[6]  John Paul Shen,et al.  Processor Control Flow Monitoring Using Signatured Instruction Streams , 1987, IEEE Transactions on Computers.

[7]  James Cheney,et al.  Cyclone: A Safe Dialect of C , 2002, USENIX Annual Technical Conference, General Track.

[8]  Ramesh Karri,et al.  Feasibility study of dynamic Trusted Platform Module , 2010, 2010 IEEE International Conference on Computer Design.

[9]  Derek Bruening,et al.  Secure Execution via Program Shepherding , 2002, USENIX Security Symposium.

[10]  Dan Boneh,et al.  Architectural Support For Copy And Tamper-Resistant Software PhD Thesis , 2003 .

[11]  Ariel J. Feldman,et al.  Lest we remember: cold-boot attacks on encryption keys , 2008, CACM.

[12]  G. Edward Suh,et al.  Caches and hash trees for efficient memory integrity verification , 2003, The Ninth International Symposium on High-Performance Computer Architecture, 2003. HPCA-9 2003. Proceedings..

[13]  Edward J. McCluskey,et al.  Linear Complexity Assertions for Sorting , 1994, IEEE Trans. Software Eng..

[14]  William J. Lynn,et al.  Defending a New Domain: The Pentagon's Cyberstrategy , 2010 .

[15]  Angelos D. Keromytis,et al.  Countering code-injection attacks with instruction-set randomization , 2003, CCS '03.

[16]  Brian Rogers,et al.  Using Address Independent Seed Encryption and Bonsai Merkle Trees to Make Secure Processors OS- and Performance-Friendly , 2007, 40th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO 2007).

[17]  Srivaths Ravi,et al.  Energy and execution time analysis of a software-based trusted platform module , 2007 .

[18]  M. Ivimey Annual report , 1958, IRE Transactions on Engineering Writing and Speech.