Two-Stage Checkpoint Based Security Monitoring and Fault Recovery Architecture for Embedded Processor

Secure program execution on embedded processors has attracted considerable research attention, as code tampering attacks and transient faults increasingly threaten the security of embedded processors. Program monitoring and fault recovery strategies are not only closely tied to the security of embedded devices but also directly affect processor performance. This paper presents a security monitoring and fault recovery architecture for run-time program execution that takes regular backup copies of a two-stage checkpoint. In this framework, an integrity check based on the basic block (BB) monitors program execution in real time, and a rollback operation is performed whenever the integrity check fails. In addition, a Monitoring Cache (M-Cache) is built to buffer the reference data for integrity checking. Moreover, a recovery strategy covering three tampered positions (registers in the processor, instructions in the cache, and code in memory) is provided to keep the embedded system running smoothly. Finally, the presented security architecture is implemented and verified on the OpenRISC processor, and it has proved effective at detecting tampering attacks during program execution and at quickly recovering both the running environment and the code.
