A High Efficient Control Flow Authentication Method Basing on Loop Isolation

Abstract

In spite of numerous protection schemes, embedded systems are still faced with the danger of being attacked, especially at run time. Some ‘trusted’ programs may be attacked and then result in unintended behaviors, such as jumping to malicious code and leakage of sensitive data. Control flow authentication is one of efficient methods to protect the security of embedded system by ensuring system run along the designed control flow path. In this paper, we propose a new control flow authentication method to further improve the efficiency. A hardware monitor on chip is designed to help authenticate most control flow edges. And the control flow edges in loops are isolated and protected by self-validation software. This software method inserts assembly code upon every basic blocks in a loop to authenticate control flow edges by computing three validation variables. This loop isolation method helps hardware monitor to protect control flow edges which are repeatedly validated in loops to reduce validation times. With this combination, both performance and fault coverage rate have improved compared to traditional methods. To evaluate the performance, we built the system based on ARM v7-A architecture and simulated it using the cycle-accurate simulator GEM5 with SPEC2006 benchmarks.