Compiler/hardware assisted application code and data security in embedded systems

Abstract

Embedded systems have stepped deeper into Integrated Avionics systems, and security is becoming an important concern. Most embedded systems present a number of software vulnerabilities, such as buffer overflows. Furthermore, the rapid growth and pervasive use of embedded systems makes it easier for a sophisticated attacker to gain physical access to launch physical attacks on insecure off-chip main memory. This paper presents a novel compiler/ hardware assisted application code and data protection architecture (CHCDP) to monitor the execution of application. The compiler extracts the control flow and static data integrity validation information using hashing and cyclical redundancy check (CRC) integrity algorithms at compile time. The dynamic data integrity validation is generated in the process of application execution. Likewise, the function return address and frame point are also protected at runtime. The designed hardware observes its dynamic execution trace and checks whether the trace conforms to the permissible behavior. And it will trigger appropriate response mechanisms if finding a mismatch. An OR1200 processor is assigned to build a System on a Programmable Chip (SOPC) that implements the architectural design. The experimental analysis shows that the proposed techniques can eliminate a wide range of common software and physical attacks with low performance penalties and minimal overheads.