Secure embedded processing through hardware-assisted run-time monitoring

Divya Arora, Srivaths Ravi, Anand Raghunathan, Niraj K. Jha

Research output: Chapter in Book/Report/Conference proceedingConference contribution

105 Scopus citations

Abstract

Security is emerging as an important concern in embedded system design. The security of embedded systems is often compromised due to vulnerabilities in "trusted" software that they execute. Security attacks exploit these vulnerabilities to trigger unintended program behavior, such as the leakage of sensitive data or the execution of malicious code. In this work, we present a hardware-assisted paradigm to enhance embedded system security by detecting and preventing unintended program behavior. Specifically, we extract properties of an embedded program through static program analysis, and use them as the bases for enforcing permissible program behavior in real-time as the program executes. We present an architecture for hardware-assisted run-time monitoring, wherein the embedded processor is augmented with a hardware monitor that observes the processor's dynamic execution trace, checks whether the execution trace falls within the allowed program behavior, and flags any deviations from the expected behavior to trigger appropriate response mechanisms. We present properties that can be used to capture permissible program behavior at different levels of granularity within a program, namely inter-procedural control flow, intra-procedural control flow, and instruction stream integrity. We also present a systematic methodology to design application-specific hardware monitors for any given embedded program. We have evaluated the hardware requirements and performance of the proposed architecture for several embedded software benchmarks. Hardware implementations using a commercial design flow, and architectural simulations using the SimpleScalar framework, indicate that the proposed technique can thwart several common software and physical attacks, facilitating secure program execution with minimal overheads.

Original languageEnglish (US)
Title of host publicationProceedings - Design, Automation and Test in Europe, DATE '05
Pages178-183
Number of pages6
DOIs
StatePublished - 2005
EventDesign, Automation and Test in Europe, DATE '05 - Munich, Germany
Duration: Mar 7 2005Mar 11 2005

Publication series

NameProceedings -Design, Automation and Test in Europe, DATE '05
VolumeI
ISSN (Print)1530-1591

Other

OtherDesign, Automation and Test in Europe, DATE '05
Country/TerritoryGermany
CityMunich
Period3/7/053/11/05

All Science Journal Classification (ASJC) codes

  • General Engineering

Fingerprint

Dive into the research topics of 'Secure embedded processing through hardware-assisted run-time monitoring'. Together they form a unique fingerprint.

Cite this