Architectural support for securing application data in embedded systems

The rapid growth and pervasive use of embedded systems makes it easier for an adversary to gain physical access to these devices to launch attacks and reverse engineer of the system. Encrypted execution and data (EED) platforms, where instructions and data are stored in encrypted form in memory, while incurring overheads of encryption have proven to be attractive because they offer strong security against information leakage and tampering. However, several attacks are still possible on EED systems when the adversary gains physical access to the system. In this paper we present an architectural approach to address a class of memory spoofing attacks, in which an attacker can control the address bus and spoof memory blocks as they are loaded into the processor. In this paper we focus on the integrity of the application data to prevent the attacker from tampering, injecting or replaying the data. We make use of an on-chip FPGA, an architecture that is now commonly available on many processor chips, to build a secure on-chip hardware component that verifies the integrity of application data at run-time. By implementing all our security primitives on the FPGA we do not require changes to the processor architecture. We present that data protection techniques and a performance analysis is provided through a simulation on a number of bechmarks. Our experimental results show that a high level of security can be achieved with low performance overhead.

[1]  Alok N. Choudhary,et al.  High-Performance Software Protection Using Reconfigurable Architectures , 2006, Proceedings of the IEEE.

[2]  Carla E. Brodley,et al.  SmashGuard: A Hardware Solution to Prevent Security Attacks on the Function Return Address , 2006, IEEE Transactions on Computers.

[3]  Amir Roth,et al.  Using DISE to protect return addresses from attack , 2005, CARN.

[4]  Hsien-Hsin S. Lee,et al.  InfoShield: a security architecture for protecting information usage in memory , 2006, The Twelfth International Symposium on High-Performance Computer Architecture, 2006..

[5]  Miodrag Potkonjak,et al.  Enabling trusted software integrity , 2002, ASPLOS X.

[6]  Nasir D. Memon,et al.  SAFE-OPS: An approach to embedded software security , 2005, TECS.

[7]  Michael F. P. O'Boyle,et al.  High Performance Embedded Architectures and Compilers , 2008 .

[8]  Dan Boneh,et al.  Architectural support for copy and tamper resistant software , 2000, SIGP.

[9]  Krste Asanovic,et al.  Mondrian memory protection , 2002, ASPLOS X.

[10]  Jiesheng Wu,et al.  Data-Intensive System Benchmark Suite Analysis and Specification , 1999 .

[11]  Hsien-Hsin S. Lee,et al.  Memory-Centric Security Architecture , 2005, HiPEAC.

[12]  Todd M. Austin,et al.  SimpleScalar: An Infrastructure for Computer System Modeling , 2002, Computer.

[13]  Aleksandar Milenkovic,et al.  Hardware support for code integrity in embedded processors , 2005, CASES '05.

[14]  Alok N. Choudhary,et al.  CODESSEAL: Compiler/FPGA Approach to Secure Applications , 2005, ISI.

[15]  R. Simha,et al.  SAFE-OPS : A Compiler / Architecture Approach to Embedded Software Security , 2004 .

[16]  Trevor Mudge,et al.  MiBench: A free, commercially representative embedded benchmark suite , 2001 .

[17]  G. Edward Suh,et al.  AEGIS: architecture for tamper-evident and tamper-resistant processing , 2003, ICS.