Dynamic Information Flow Tracking for Embedded Binaries using SystemC-based Virtual Prototypes

Avoiding security vulnerabilities is very important for embedded systems. Dynamic Information Flow Tracking (DIFT) is a powerful technique to analyze software with respect to security policies in order to protect the system against a broad range of security-related exploits. However, existing DIFT approaches either do not exist for Virtual Prototypes (VPs) or fail to model complex hardware/software interactions. In this paper, we present a novel approach that enables early and accurate DIFT of binaries targeting embedded systems with custom peripherals. Leveraging the SystemC framework, our DIFT engine tracks accurate data flow information alongside the program execution to detect violations of security policies at run-time. We demonstrate the effectiveness and applicability of our approach by extensive experiments.
