Embedded Processor Security (original) (raw)
Related papers
Security as a New Dimension in Embedded System Design
The growing number of instances of breaches in information security in the last few years has created a compelling case for efforts towards secure electronic systems. Embedded systems, which will be ubiquitously used to capture, store, manipulate, and access data of a sensitive nature, pose several unique and interesting security challenges. Security has been the subject of intensive research in the areas of cryptography, computing, and networking. However, security is often mis-construed by embedded system designers as the addition of features, such as specific cryptographic algorithms and security protocols, to the system. In reality, it is an entirely new metric that designers should consider throughout the design process, along with other metrics such as cost, performance, and power. This paper is intended to introduce embedded system designers and design tool developers to the challenges involved in designing secure embedded systems. We attempt to provide a unified view of embedded system security by first analyzing the typical functional security requirements for embedded systems from an end-user perspective. We then identify the implied challenges for embedded system architects, as well as hardware and software designers (e.g., tamper-resistant embedded system design, processing requirements for security, impact of security on battery life for batterypowered systems, etc.). We also survey solution techniques to address these challenges, drawing from both current practice and emerging research, and identify open research problems that will require innovations in embedded system architecture and design methodologies.
Secure architecture in embedded systems: an overview
Proc. Workshop Reconfigurable Comm.- …, 2006
Security issues become more and more important during the development of mobile devices. In this paper we propose first a brief overview of hardware and software attacks related to embedded systems and second a comprehensive study of existing solutions to protect programs and data exchanges within these systems. Security primitives dedicated to the implementation of a secure architecture are also presented. Based on this analysis of existing solutions and requirements an original approach is proposed in order to mitigate the cost of security. Constraints related to embedded systems are strong it is thus mandatory to define new solutions, our proposition is outlined through various security primitives (ciphering and hashing) with features adapted to embedded systems.
Enhancing Security Through Hardware-assisted Run-timeValidation of Program Data Properties
The growing number of information security breaches in electronic and computing systems calls for new design paradigms that consider security as a primary design objective. This is particularly relevant in the embedded domain, where the security solution should be customized to the needs of the target system, while considering other design objectives such as cost, performance, and power. Due to the increasing complexity and shrinking design cycles of embedded software, most embedded systems present a host of software vulnerabilities that can be exploited by security attacks. Many attacks are initiated by causing a violation in the properties of data (e.g., integrity, privacy, access control rules, etc.) associated with a "trusted" program that is executing on the system, leading to a range of undesirable effects.
A Formal Security Model for Microprocessor Hardware
IEEE Transactions on Software Engineering, 2000
The paper introduces a formal security model for a microprocessor hardware system. The model has been developed as part of the evaluation process of the processor product according to ITSEC assurance level E4. Novel aspects of the model are the need for defining integrity and confidentiality objectives on the hardware level without the operating system or application specification and security policy being given, and the utilisation of an abstract function and data space. The security model consists of a system model given as a state transition automaton on infinite structures, and the formalisation of security objectives by means of properties of automaton behaviours. Validity of the security properties is proved. The paper compares the model with published ones and summarises the lessons learned throughout the modelling process.
Integration, 2017
Security becomes increasingly important in computing systems. Data integrity is of utmost importance. One way to protect data integrity is attaching an identifying tag to individual data. The authenticity of the data can then be checked against its tag. If the data is altered by the adversary, the related tag becomes invalid and the attack will be detected. The work presented in this paper studies an existing tag design (CETD) for authenticating memory data in embedded processor systems, where data that are stored in the memory or transferred over the bus can be tampered. Compared to other designs, this design offers the flexibility of trading-off between the implementation cost and tag size (hence the level of security); the design is cost effective and can counter the data integrity attack with random values (namely the fake values used to replace the valid data in the attack are random). However, we find that the design is vulnerable when the fake data is not randomly selected. For some data, their tags are not distributed over the full tag value space but rather limited to a much reduced set of values. When those values were chosen as the fake value, the data alteration would likely go undetected. In this article, we analytically investigate this problem and propose a low cost enhancement to ensure the full-range distribution of tag values for each data, hence effectively removing the vulnerability of the original design.
Configurable memory security in embedded systems
ACM Transactions on Embedded Computing Systems, 2013
System security is an increasingly important design criterion for many embedded systems. These systems are often portable and more easily attacked than traditional desktop and server computing systems. Key requirements for system security include defenses against physical attacks and lightweight support in terms of area and power consumption. Our new approach to embedded system security focuses on the protection of application loading and secure application execution. During secure application loading, an encrypted application is transferred from onboard flash memory to external double data rate synchronous dynamic random access memory (DDR-SDRAM) via a microprocessor. Following application loading, the core-based security technique provides both confidentiality and authentication for data stored in a microprocessor's system memory. The benefits of our low overhead memory protection approaches are demonstrated using four applications implemented in a field-programmable gate array (FPGA) in an embedded system prototyping platform. Each application requires a collection of tasks with varying memory security requirements. The configurable security core implemented on-chip inside the FPGA with the microprocessor allows for different memory security policies for different application tasks. An average memory saving of 63% is achieved for the four applications versus a uniform security approach. The lightweight circuitry included to support application loading from flash memory adds about 10% FPGA area overhead to the processor-based system and main memory security hardware.
A Compiler-Based Approach to Data Security
Lecture Notes in Computer Science, 2005
With the proliferation of personal electronic devices and embedded systems, personal and financial data is more easily accessible. As a consequence, we also observe a proliferation of techniques that attempt to illegally access sensitive data without proper authorization. Due to the severe financial and social ramifications of such data leakage, the need for secure memory has become critical. However, working with secure memories can have performance, power, and code size overheads since accessing a secure memory involves additional overheads for encryption/decryption and/or password checks. In addition, an application code may need to be restructured to work under such a memory system. In this paper, we propose a compiler-directed strategy to generate code for a secure memory based embedded architecture. The idea is to let the programmer mark certain data elements, called the seed elements, as secure (i.e., need to be stored in secure memory), and let the compiler determine the remaining secure elements automatically. We also address the problem of code size increase due to our strategy. The experimental results obtained through simulations clearly show that the proposed approach is effective in reducing the total secure memory size. The results also indicate that it is possible to reduce the resulting code size increase by clustering accesses to secure memory.
Distributed Security for Communications and Memories in a Multiprocessor Architecture
2011 IEEE International Symposium on Parallel and Distributed Processing Workshops and Phd Forum, 2011
The need for security in embedded systems has strongly increased since several years. Nowadays, it is possible to integrate several processors in a single chip. The design of such multiprocessor systems-on-chip (MPSoC) must be done with a lot of care as the execution of applications may lead to potential vulnerabilities such as revelation of critical data and private information. Thus it becomes mandatory to deal with security issues all along the design cycle of the MPSoC in order to guarantee a global protection. Among the critical points, the protection of the communications is very sensible as most of the data are exchanged through the communication architecture of the system. This paper targets this point and proposes a solution with distributed enhancements to secure data exchanges and to monitor communications within a MPSoC. In order to validate our contribution, a case study based on a generic multiprocessor architecture is considered.