2005, Lecture Notes in Computer Science
With the proliferation of personal electronic devices and embedded systems, personal and financial data is more easily accessible. As a consequence, we also observe a proliferation of techniques that attempt to illegally access sensitive data without proper authorization. Due to the severe financial and social ramifications of such data leakage, the need for secure memory has become critical. However, working with secure memories can have performance, power, and code size overheads since accessing a secure memory involves additional overheads for encryption/decryption and/or password checks. In addition, an application code may need to be restructured to work under such a memory system. In this paper, we propose a compiler-directed strategy to generate code for a secure memory based embedded architecture. The idea is to let the programmer mark certain data elements, called the seed elements, as secure (i.e., need to be stored in secure memory), and let the compiler determine the remaining secure elements automatically. We also address the problem of code size increase due to our strategy. The experimental results obtained through simulations clearly show that the proposed approach is effective in reducing the total secure memory size. The results also indicate that it is possible to reduce the resulting code size increase by clustering accesses to secure memory.
ACM Transactions on Embedded Computing Systems, 2013
System security is an increasingly important design criterion for many embedded systems. These systems are often portable and more easily attacked than traditional desktop and server computing systems. Key requirements for system security include defenses against physical attacks and lightweight support in terms of area and power consumption. Our new approach to embedded system security focuses on the protection of application loading and secure application execution. During secure application loading, an encrypted application is transferred from onboard flash memory to external double data rate synchronous dynamic random access memory (DDR-SDRAM) via a microprocessor. Following application loading, the core-based security technique provides both confidentiality and authentication for data stored in a microprocessor's system memory. The benefits of our low overhead memory protection approaches are demonstrated using four applications implemented in a field-programmable gate array (FPGA) in an embedded system prototyping platform. Each application requires a collection of tasks with varying memory security requirements. The configurable security core implemented on-chip inside the FPGA with the microprocessor allows for different memory security policies for different application tasks. An average memory saving of 63% is achieved for the four applications versus a uniform security approach. The lightweight circuitry included to support application loading from flash memory adds about 10% FPGA area overhead to the processor-based system and main memory security hardware.
Most security vulnerabilities continue to be caused by memory errors, and long-running programs that interact with untrusted components. While comprehensive solutions have been developed to handle memory errors, these solutions suffer from one or more of the following problems: high overheads, incompatibility, and changes to the memory model. Address space randomization is a technique that avoids these drawbacks, but does not offer a level of protection. To overcome these limitations, we develop a new approach in this paper that supports comprehensive randomization, whereby the absolute locations of all (code and data) objects, as well as their relative distances, are randomized. In particular, we have successfully deployed a precise method in the implementation of a language run-time system. Our approach is implemented as a fully automatic source-to-source transformation; the address-space randomizations take place at load-time or runtime, so the same copy of the binaries can be distributed to everyone. This ensures compatibility with today's software distribution model.
Proceedings 25th EUROMICRO Conference. Informatics: Theory and Practice for the New Millennium, 1999
We propose a hardware solution to several security problems that are difficult to solve on classical processor architectures, like licensing, electronic commerce, or software piracy. The memory management unit which provides multitasking and virtual memory support is extended and given a third purpose: to supply strong hardware security support for the software layer. The principle of this enhanced device, which we call a Security Management Unit (or SMU), is based on ciphered program execution and access control. It is composed of a pipelined block ciphering/deciphering unit, an internal permanent memory and logic control, whose interaction is explained in this paper.
2009
Code compression has been used to alleviate the memory requirements as well as to improve performance and/or minimize energy consumption. On the other hand, implementing security primitives on embedded systems is always costly in terms of area and performance. In this paper we present a code compression method, the IBC-EI (Instruction Based Compression with Encryption and Integrity checking), tailored to provide integrity checking and encryption to secure processor-memory transactions. The principle is to keep the code compressed and ciphered in the memory, thus reducing the memory footprint and providing more information per memory access. For the Leon processor and a set of benchmarks from the Mediabench and MiBench suites, the habitual overheads due to security tend to zero in comparison to a system with neither security nor compression.
2005
The science of security informatics has become a rapidly growing field involving different branches of computer science and information technologies. Software protection, particularly for security applications, has become an important area in computer security. This paper proposes a joint compiler/hardware infrastructure, CODESSEAL, for software protection for fully encrypted execution in which both program and data are in encrypted form in memory. The processor is supplemented with an FPGA-based secure hardware component that is capable of fast encryption and decryption, and performs code integrity verification, authentication, and provides protection of the execution control flow. This paper outlines the CODESSEAL approach, the architecture, and presents preliminary performance results.
The growing number of information security breaches in electronic and computing systems calls for new design paradigms that consider security as a primary design objective. This is particularly relevant in the embedded domain, where the security solution should be customized to the needs of the target system, while considering other design objectives such as cost, performance, and power. Due to the increasing complexity and shrinking design cycles of embedded software, most embedded systems present a host of software vulnerabilities that can be exploited by security attacks. Many attacks are initiated by causing a violation in the properties of data (e.g., integrity, privacy, access control rules, etc.) associated with a "trusted" program that is executing on the system, leading to a range of undesirable effects.
2017 Euromicro Conference on Digital System Design (DSD), 2017
Over the last 30 years, a number of secure processor architectures have been proposed to protect software integrity and confidentiality during its distribution and execution. In such architectures, encryption (together with integrity checking) is used extensively, on any data leaving a defined secure boundary. In this paper, we show how encryption can be achieved at the instruction level using a stream cipher. Thus encryption is more lightweight and efficient, and is maintained deeper in the memory hierarchy than the natural off-chip boundary considered in most research works. It requires the control flow graph to be used and modified as part of the off-line encryption process, but thanks to the LLVM framework, it can be integrated easily in a compiler pipeline, and be completely transparent to the programmer. We also describe hardware modifications needed to support this encryption method; the latter were added to a 32-bit MIPS soft core. The synthesis performed on an Altera Cyclone V...
2008 International Conference on Field-Programmable Technology, 2008
The constrained operating environments of many FPGA-based embedded systems require flexible security that can be configured to minimize the impact on FPGA area and power consumption. In this paper, a security approach for external memory in FPGA-based embedded systems that exploits FPGA configurability is presented. Our FPGA-based security core provides both confidentiality and integrity for data stored externally to an FPGA which is accessed by a processor on the FPGA chip. The benefits of our security core are demonstrated using four embedded applications implemented on a Stratix II device. Each application requires a collection of tasks with varying memory security requirements. Our security core is used in conjunction with a NIOS II soft processor running the MicroC/OS II operating system. Average memory and energy savings of about 64% and 16%, respectively, are achieved for the four applications versus a non-configurable, uniform security approach.
Proceedings of the Twentieth International Conference on Architectural Support for Programming Languages and Operating Systems, 2015
Smartphones and tablets are easily lost or stolen. This makes them susceptible to an inexpensive class of memory attacks, such as cold-boot attacks, using a bus monitor to observe the memory bus, and DMA attacks. This paper describes Sentry, a system that allows applications and OS components to store their code and data on the System-on-Chip (SoC) rather than in DRAM. We use ARM-specific mechanisms originally designed for embedded systems, but still present in today's mobile devices, to protect applications and OS subsystems from memory attacks.
Proceedings of the 20th ACM SIGPLAN/SIGBED International Conference on Languages, Compilers, and Tools for Embedded Systems - LCTES 2019, 2019
In this era of IoT devices, security is very often traded off for smaller device footprint and low power consumption. Considering the exponentially growing security threats of IoT and cyber-physical systems, it is important that these devices have built-in features that enhance security. In this paper, we present Shakti-MS, a lightweight RISC-V processor with built-in support for both temporal and spatial memory protection. At run time, Shakti-MS can detect and stymie memory misuse in C and C++ programs, with minimum runtime overheads. The solution uses a novel implementation of fat-pointers, which associate capabilities with every pointer. Our proposal is to use stack-based cookies for crafting fat-pointers instead of having object-based identifiers. We store the fat-pointer on the stack, which eliminates the use of shadow memory space, or any table to store the pointer metadata. This reduces the storage overheads by a great extent. The cookie also helps to preserve control flow of the program by ensuring that the return address never gets modified by vulnerabilities like buffer overflows. Shakti-MS introduces new instructions in the microprocessor hardware, and also a modified compiler that automatically inserts these new instructions to enable memory protection. This co-design approach is intended to reduce runtime and area overheads, and also provides an end-to-end solution. The hardware has an area overhead of 700 LUTs on a Xilinx xcvu095-ffva2104-2-e FPGA and 4100 cells on an open 55nm technology node. The clock frequency of the processor is not affected by the security extensions, while there is a marginal increase in the code size by 11% with an average runtime overhead of 13%.
CCS CONCEPTS: Security and Privacy → Hardware and compiler security implementations; Computer systems organization → Embedded systems; Reduced instruction set architecture.