Abstract

Embedded systems of an inherently distributed and highly replicated nature are vulnerable to a class of attacks that require local access and physical tampering. Processors using Encrypted Execution and Data (EED) technology, where instructions and data are stored in encrypted form in memory and locally decrypted, form an attractive solution for securing embedded systems, as these platforms have been shown to protect software and limit information leakage. However, numerous realistic attacks are still possible on EED platforms given the assumption of an adversary with physical access. In this paper, we present an integrated compiler and architectural approach to address a class of memory spoofing attacks, in which a sophisticated attacker is able to control off-chip buses and modify data blocks as they are loaded into the processor. Our approach, which utilizes cache boundaries to greatly simplify the integrity checking process, prevents an attacker from tampering, injecting, or replaying code and data. We make use of an on-chip reconfigurable logic component to implement our security mechanisms. This use of reconfigurable logic greatly simplifies the required hardware modifications - no changes are necessary to the CPU, cache, or off-chip memory. Our simulations on a number of benchmarks show that a high level of security can be achieved with a low performance overhead. The average overhead incurred is dependent on the cache size and type of integrity checking scheme used, but is less than 16% even for the most computationally intensive scheme. We present a hardware/software prototype mapped to a Field Programmable Gate Array (FPGA) platform in order to evaluate the space required and demonstrate the feasibility of our approach.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.