论文信息 - Hardware-Assisted System for Program Execution Security of SOC

Hardware-Assisted System for Program Execution Security of SOC

With the rapid development of embedded systems, the systems’ security has become more and more important. Most embedded systems are at the risk of series of software attacks, such as buffer overflow attack, Trojan virus. In addition, with the rapid growth in the number of embedded systems and wide application, followed embedded hardware attacks are also increasing. This paper presents a new hardware assisted security mechanism to protect the program’s code and data, monitoring its normal execution. The mechanism mainly monitors three types of information: the start/end address of the program of basic blocks; the lightweight hash value in basic blocks and address of the next basic block. These parameters are extracted through additional tools running on PC. The information will be stored in the security module. During normal program execution, the security module is designed to compare the real-time state of program with the information in the security module. If abnormal, it will trigger the appropriate security response, suspend the program and jump to the specified location. The module has been tested and validated on the SOPC with OR1200 processor. The experimental analysis shows that the proposed mechanism can defence a wide range of common software and physical attacks with low performance penalties and minimal overheads.

[1] Sylvain Guilley,et al. HCODE: Hardware-Enhanced Real-Time CFI , 2014, PPREW-4.

[2] Martín Abadi,et al. Control-flow integrity , 2005, CCS '05.

[3] Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security , 2015, CCS.

[4] Xiaodong Wang,et al. Compiler/hardware assisted application code and data security in embedded systems , 2009, 2009 IEEE/AIAA 28th Digital Avionics Systems Conference.

[5] Mihai Budiu,et al. Control-flow integrity principles, implementations, and applications , 2009, TSEC.

[6] Per Larsen,et al. It's a TRaP: Table Randomization and Protection against Function-Reuse Attacks , 2015, CCS.

[7] Ahmad-Reza Sadeghi,et al. Counterfeit Object-oriented Programming: On the Difficulty of Preventing Code Reuse Attacks in C++ Applications , 2015, 2015 IEEE Symposium on Security and Privacy.

[8] Ian G. Harris,et al. Control-flow checking for intrusion detection via a real-time debug interface , 2014, 2014 International Conference on Smart Computing Workshops.

[9] Ahmad-Reza Sadeghi,et al. Hardware-assisted fine-grained control-flow integrity: Towards efficient protection of embedded systems against software exploitation , 2014, 2014 51st ACM/EDAC/IEEE Design Automation Conference (DAC).

[10] Kevin W. Hamlen,et al. Securing untrusted code via compiler-agnostic binary rewriting , 2012, ACSAC '12.