Abstract

Many security measures designed for large-scale compute hardware (e.g., workstations and servers) are not optimized for embedded systems. One such measure, Relocation Read-Only (RelRO), protects binary relocation sections from tampering after dynamic linking; however, RelRO depends on the presence of memory management hardware that not all embedded systems include. More generally, the latest hardware modifications to processor architectures may not always be available to provide security in small-scale embedded systems. In this paper, we propose another solution for relocation protection for use in embedded systems that have a field-programmable gate array (FPGA) on chip. Our solution prevents relocation section overwrites from diverting control flow as they would in an unprotected binary by implementing a hardware Root of Trust in which shared library function pointers are stored and from which they are retrieved. We offer two system variations, which give designers the flexibility to choose lighter or more robust protection. We also demonstrate a proof of concept implemented on a popular FPGA development board and provide a comparison with RelRO. Our work provides embedded system developers with a security measure like RelRO without requiring a customized memory management unit. Our work is useful on computer systems that include embedded reconfigurable logic on chip. The authors believe this is the first paper in which reconfigurable logic is used to provide security functionality previously implemented in a custom instruction set or other computer architecture modifications. Our work points toward a future where FPGA logic embedded on chip can be adapted to improve the security of software.
