论文信息 - Hardware-Assisted Monitoring for Code Security in Embedded System

Hardware-Assisted Monitoring for Code Security in Embedded System

This paper presents a novel hardware-assisted monitoring architecture for code protection. Program code can be considered as a number of basic code blocks, each with jump and return addresses. It records all possible positions and the function called address to extract the monitoring model of program. The compiler extracts the control flow and static code integrity validation information using lightweight hash and integrity algorithms at compile time. During the execution of the program security module reads from the specialized division of hardware such information, which is compared with the program generated in the process of real-time operation. If inconsistent with the description of the program was found, the security module will abort the CPU run. This design effectively improves the security of embedded systems, while the whole system costs less resource consumption and obtains high efficiency.

[1] Todd M. Austin,et al. High Coverage Detection of Input-Related Security Faults , 2003, USENIX Security Symposium.

[2] Shufu Mao,et al. Hardware Support for Secure Processing in Embedded Systems , 2007, 2007 44th ACM/IEEE Design Automation Conference.

[3] Wei Hu,et al. A bottom-up approach to verifiable embedded system information flow security , 2014, IET Inf. Secur..

[4] Crispan Cowan,et al. StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks , 1998, USENIX Security Symposium.

[5] WolfTilman,et al. Hardware Support for Secure Processing in Embedded Systems , 2010 .

[6] Wouter Joosen,et al. Runtime countermeasures for code injection attacks against C and C++ programs , 2012, CSUR.

[7] John Johansen,et al. PointGuard™: Protecting Pointers from Buffer Overflow Vulnerabilities , 2003, USENIX Security Symposium.

[8] Richard J. Enbody,et al. Secure Bit: Transparent, Hardware Buffer-Overflow Protection , 2006, IEEE Transactions on Dependable and Secure Computing.

[9] David A. Wagner,et al. A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities , 2000, NDSS.

[10] Sri Parameswaran,et al. IMPRES: integrated monitoring for processor reliability and security , 2006, 2006 43rd ACM/IEEE Design Automation Conference.

[11] Michael Rodeh,et al. CSSV: towards a realistic tool for statically detecting all buffer overflows in C , 2003, PLDI '03.