Enhancing security through hardware-assisted run-time validation of program data properties

Divya Arora, Anand Raghunathan, Srivaths Ravi, Niraj K. Jha

Research output: Chapter in Book/Report/Conference proceedingConference contribution

4 Scopus citations

Abstract

The growing number of information security breaches in electronic and computing systems calls for new design paradigms that consider security as a primary design objective. This is particularly relevant in the embedded domain, where the security solution should be customized to the needs of the target system, while considering other design objectives such as cost, performance, and power. Due to the increasing complexity and shrinking design cycles of embedded software, most embedded systems present a host of software vulnerabilities that can be exploited by security attacks. Many attacks are initiated by causing a violation in the properties of data (e.g., integrity, privacy, access control rules, etc.) associated with a "trusted" program that is executing on the system, leading to a range of undesirable effects. In this work, we develop a general framework that provides security assurance against a wide class of security attacks. Our work is based on the observation that a program's permissible behavior with respect to data accesses can be characterized by certain properties. We present a hardware/software approach wherein such properties can be encoded as data attributes and enforced as security policies during program execution. These policies may be application-specific (e.g., access control for certain data structures), compiler-generated (e.g., enforcing that variables are accessed only within their scope), or universally applicable to all programs (e.g., disallowing writes to unallocated memory). We show how an embedded system architecture can support, such policies by (i) enhancing the memory hierarchy to represent the attributes of each datum as security tags that are linked to it through its lifetime, and (ii) adding a configurable hardware checker that interprets the semantics of the tags and enforces the desired security policies. We evaluated the effectiveness of the proposed architecture in enforcing various security policies for several embedded benchmarks. Our experiments in the context of the Simplescalar framework demonstrate that the proposed solution ensures run-time validation of program data properties with minimal execution time overheads.

Original languageEnglish (US)
Title of host publicationCODES+ISSS 2005 - International Conference on Hardware/Software Codesign and Systems Synthesis
PublisherAssociation for Computing Machinery
Pages190-195
Number of pages6
ISBN (Print)1595931619, 9781595931610
DOIs
StatePublished - 2005
Event3rd IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and Systems Synthesis CODES+ISSS 2005 - Jersey City, NJ, United States
Duration: Sep 18 2005Sep 21 2005

Publication series

NameCODES+ISSS 2005 - International Conference on Hardware/Software Codesign and System Synthesis

Other

Other3rd IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and Systems Synthesis CODES+ISSS 2005
CountryUnited States
CityJersey City, NJ
Period9/18/059/21/05

All Science Journal Classification (ASJC) codes

  • Engineering(all)

Keywords

  • Data tagging
  • Run-time checks
  • Secure architectures

Fingerprint Dive into the research topics of 'Enhancing security through hardware-assisted run-time validation of program data properties'. Together they form a unique fingerprint.

  • Cite this

    Arora, D., Raghunathan, A., Ravi, S., & Jha, N. K. (2005). Enhancing security through hardware-assisted run-time validation of program data properties. In CODES+ISSS 2005 - International Conference on Hardware/Software Codesign and Systems Synthesis (pp. 190-195). (CODES+ISSS 2005 - International Conference on Hardware/Software Codesign and System Synthesis). Association for Computing Machinery. https://doi.org/10.1145/1084834.1084884