215 research outputs found
SOFIA : software and control flow integrity architecture
Microprocessors used in safety-critical systems are extremely sensitive to software vulnerabilities, as their failure can lead to injury, damage to equipment, or environmental catastrophe. This paper proposes a hardware-based security architecture for microprocessors used in safety-critical systems. The proposed architecture provides protection against code injection and code reuse attacks. It has mechanisms to protect software integrity, perform control flow integrity, prevent execution of tampered code, and enforce copyright protection. We are the first to propose a mechanism to enforce control flow integrity at the finest possible granularity. The proposed architectural features were added to the LEON3 open source soft microprocessor, and were evaluated on an FPGA running a software benchmark. The results show that the hardware area is 28.2% larger and the clock is 84.6% slower, while the software benchmark has a cycle overhead of 13.7% and a total execution time overhead of 110% when compared to an unmodified processor
Securing Real-Time Internet-of-Things
Modern embedded and cyber-physical systems are ubiquitous. A large number of
critical cyber-physical systems have real-time requirements (e.g., avionics,
automobiles, power grids, manufacturing systems, industrial control systems,
etc.). Recent developments and new functionality requires real-time embedded
devices to be connected to the Internet. This gives rise to the real-time
Internet-of-things (RT-IoT) that promises a better user experience through
stronger connectivity and efficient use of next-generation embedded devices.
However RT- IoT are also increasingly becoming targets for cyber-attacks which
is exacerbated by this increased connectivity. This paper gives an introduction
to RT-IoT systems, an outlook of current approaches and possible research
challenges towards secure RT- IoT frameworks
A sensor node soC architecture for extremely autonomous wireless sensor networks
Tese de Doutoramento em Engenharia Eletrónica e de Computadores (PDEEC) (especialidade em Informática Industrial e Sistemas Embebidos)The Internet of Things (IoT) is revolutionizing the Internet of the future and the
way new smart objects and people are being connected into the world. Its pervasive
computing and communication technologies connect myriads of smart devices, presented
at our everyday things and surrounding objects. Big players in the industry
forecast, by 2020, around 50 billion of smart devices connected in a multitude of scenarios
and heterogeneous applications, sharing data over a true worldwide network.
This will represent a trillion dollar market that everyone wants to take a share.
In a world where everything is being connected, device security and device interoperability
are a paramount. From the sensor to the cloud, this triggers several
technological issues towards connectivity, interoperability and security requirements
on IoT devices. However, fulfilling such requirements is not straightforward. While
the connectivity exposes the device to the Internet, which also raises several security
issues, deploying a standardized communication stack on the endpoint device
in the network edge, highly increases the data exchanged over the network. Moreover,
handling such ever-growing amount of data on resource-constrained devices,
truly affects the performance and the energy consumption. Addressing such issues
requires new technological and architectural approaches to help find solutions to
leverage an accelerated, secure and energy-aware IoT end-device communication.
Throughout this thesis, the developed artifacts triggered the achievement of important
findings that demonstrate: (1) how heterogeneous architectures are nowadays
a perfect solution to deploy endpoint devices in scenarios where not only (heavy
processing) application-specific operations are required, but also network-related capabilities
are major concerns; (2) how accelerating network-related tasks result in a
more efficient device resources utilization, which combining better performance and
increased availability, contributed to an improved overall energy utilization; (3) how
device and data security can benefit from modern heterogeneous architectures that
rely on secure hardware platforms, which are also able to provide security-related
acceleration hardware; (4) how a domain-specific language eases the co-design and
customization of a secure and accelerated IoT endpoint device at the network edge.Internet of Things (IoT) é o conceito que está a revolucionar a Internet do futuro
e a forma como coisas, processos e pessoas se conectam e se relacionam numa infraestrutura
de rede global que interligará, num futuro próximo, um vasto número de
dispositivos inteligentes e de utilização diária. Com uma grande aposta no mercado
IoT por parte dos grandes líderes na industria, algumas visões otimistas preveem
para 2020 mais de 50 mil milhões de dispositivos ligados na periferia da rede, partilhando
grandes volumes de dados importantes através da Internet, representando
um mercado multimilionário com imensas oportunidades de negócio.
Num mundo interligado de dispositivos, a interoperabilidade e a segurança é uma
preocupação crescente. Tal preocupação exige inúmeros esforços na exploração de
novas soluções, quer a nível tecnológico quer a nível arquitetural, que visem impulsionar
o desenvolvimento de dispositivos embebidos com maiores capacidades de
desempenho, segurança e eficiência energética, não só apenas do dispositivo em si,
mas também das camadas e protocolos de rede associados. Apesar da integração
de pilhas de comunicação e de protocolos standard das camadas de rede solucionar
problemas associados à conectividade e a interoperabilidade, adiciona a sobrecarga
inerente dos protocolos de comunicação e do crescente volume de dados partilhados
entre os dispositivos e a Internet, afetando severamente o desempenho e a disponibilidade
do mesmo, refletindo-se num maior consumo energético global.
As soluções apresentadas nesta tese permitiram obter resultados que demonstram:
(1) a viabilidade de soluções heterogéneas no desenvolvimento de dispositivos IoT,
onde não só tarefas inerentes à aplicação podem ser aceleradas, mas também tarefas
relacionadas com a comunicação do dispositivo; (2) os benefícios da aceleração de
tarefas e protocolos da pilha de rede, que se traduz num melhor desempenho do
dispositivo e aumento da disponibilidade do mesmo, contribuindo para uma melhor
eficiência energética; (3) que plataformas de hardware modernas oferecem mecanismos
de segurança que podem ser utilizados não apenas em prol da segurança do
dispositivo, mas também nas capacidades de comunicação do mesmo; (4) que o desenvolvimento
de uma linguagem de domínio específico permite de forma mais eficaz
e eficiente o desenvolvimento e configuração de dispositivos IoT inteligentes.This thesis was supported by a PhD scholarship from Fundação para a Ciência e Tecnologia, SFRH/BD/90162/201
Trusted SoC Realization for Remote Dynamic IP Integration
Heutzutage bieten field-programmable gate arrays (FPGAs) enorme Rechenleistung und Flexibilität. Zudem sind sie oft auf einem einzigen Chip mit eingebetteten Multicore-Prozessoren, DSP-Engines und Speicher-Controllern integriert. Dadurch sind sie für große und komplexe Anwendungen geeignet. Gleichzeitig führten die Fortschritte auf dem Gebiet der High-Level-Synthese und die Verfügbarkeit standardisierter Schnittstellen (wie etwa das Advanced eXtensible Interface 4) zur Entwicklung spezialisierter und neuartiger Funktionalitäten durch Designhäuser. All dies schuf einen Bedarf für ein Outsourcing der Entwicklung oder die Lizenzierung von FPGA-IPs (Intellectual Property). Ein Pay-per-Use IP-Lizenzierungsmodell, bei dem diese IPs vor allen Marktteilnehmern geschützt sind, kommt den Entwicklern der IPs zugute. Außerdem handelt es sich bei den Entwicklern von FPGA-Systemen in der Regel um kleine bis mittlere Unternehmen, die in Bezug auf die Markteinführungszeit und die Kosten pro Einheit von einem solchen Lizenzierungsmodell profitieren können.
Im akademischen Bereich und in der Industrie gibt es mehrere IP-Lizenzierungsmodelle und Schutzlösungen, die eingesetzt werden können, die jedoch mit zahlreichen Sicherheitsproblemen behaftet sind. In einigen Fällen verursachen die vorgeschlagenen Sicherheitsmaßnahmen einen unnötigen Ressourcenaufwand und Einschränkungen für die Systementwickler, d. h., sie können wesentliche Funktionen ihres Geräts nicht nutzen. Darüber hinaus lassen sie zwei funktionale Herausforderungen außer Acht: das Floorplanning der IP auf der programmierbaren Logik (PL) und die Generierung des Endprodukts der IP (Bitstream) unabhängig vom Gesamtdesign.
In dieser Arbeit wird ein Pay-per-Use-Lizenzierungsschema vorgeschlagen und unter Verwendung eines security framework (SFW) realisiert, um all diese Herausforderungen anzugehen. Das vorgestellte Schema ist pragmatisch, weniger restriktiv für Systementwickler und bietet Sicherheit gegen IP-Diebstahl. Darüber hinaus werden Maßnahmen ergriffen, um das System vor einem IP zu schützen, das bösartige Schaltkreise enthält. Das „Secure Framework“ umfasst ein vertrauenswürdiges Betriebssystem, ein reichhaltiges Betriebssystem, mehrere unterstützende Komponenten (z. B. TrustZone- Logik, gegen Seitenkanalangriffe (SCA) resistente Entschlüsselungsschaltungen) und Softwarekomponenten, z. B. für die Bitstromanalyse. Ein Gerät, auf dem das SFW läuft, kann als vertrauenswürdiges Gerät betrachtet werden, das direkt mit einem Repository oder einem IP-Core-Entwickler kommunizieren kann, um IPs in verschlüsselter Form zu erwerben. Die Entschlüsselung und Authentifizierung des IPs erfolgt auf dem Gerät, was die Angriffsfläche verringert und es weniger anfällig für IP-Diebstahl macht. Außerdem werden Klartext-IPs in einem geschützten Speicher des vertrauenswürdigen Betriebssystems abgelegt. Das Klartext-IP wird dann analysiert und nur dann auf der programmierbaren Logik konfiguriert, wenn es authentisch ist und keine bösartigen Schaltungen enthält. Die Bitstrom-Analysefunktionalität und die SFW-Unterkomponenten ermöglichen die Partitionierung der PL-Ressourcen in sichere und unsichere Ressourcen, d. h. die Erweiterung desKonzepts der vertrauenswürdigen Ausführungsumgebung (TEE) auf die PL. Dies ist die erste Arbeit, die das TEE-Konzept auf die programmierbare Logik ausweitet.
Bei der oben erwähnten SCA-resistenten Entschlüsselungsschaltung handelt es sich um die Implementierung des Advanced Encryption Standard, der so modifiziert wurde, dass er gegen elektromagnetische und stromverbrauchsbedingte Leckagen resistent ist. Das geschützte Design verfügt über zwei Gegenmaßnahmen, wobei die erste auf einer Vielzahl unterschiedler Implementierungsvarianten und veränderlichen Zielpositionen bei der Konfiguration basiert, während die zweite nur unterschiedliche Implementierungsvarianten verwendet. Diese Gegenmaßnahmen sind auch während der Laufzeit skalierbar. Bei der Bewertung werden auch die Auswirkungen der Skalierbarkeit auf den Flächenbedarf und die Sicherheitsstärke berücksichtigt.
Darüber hinaus wird die zuvor erwähnte funktionale Herausforderung des IP Floorplanning durch den Vorschlag eines feinkörnigen Automatic Floorplanners angegangen, der auf gemischt-ganzzahliger linearer Programmierung basiert und aktuelle FPGAGenerationen mit größeren und komplexen Bausteine unterstützt. Der Floorplanner bildet eine Reihe von IPs auf dem FPGA ab, indem er präzise rekonfigurierbare Regionen schafft. Dadurch werden die verbleibenden verfügbaren Ressourcen für das Gesamtdesign maximiert. Die zweite funktionale Herausforderung besteht darin, dass die vorhandenen Tools keine native Funktionalität zur Erzeugung von IPs in einer eigenständigen Umgebung bieten. Diese Herausforderung wird durch den Vorschlag eines unabhängigen IP-Generierungsansatzes angegangen. Dieser Ansatz kann von den Marktteilnehmern verwendet werden, um IPs eines Entwurfs unabhängig vom Gesamtentwurf zu generieren, ohne die Kompatibilität der IPs mit dem Gesamtentwurf zu beeinträchtigen
Recommended from our members
TRUSTWORTHY SYSTEMS AND PROTOCOLS FOR THE INTERNET OF THINGS
Processor-based embedded systems are integrated into many aspects of everyday life such as industrial control, automotive systems, healthcare, the Internet of Things, etc. As Moore’s law progresses, these embedded systems have moved from simple microcontrollers to full-scale embedded computing systems with multiple processor cores and operating systems support. At the same time, the security of these devices has also become a key concern. Our main focus in this work is the security and privacy of the embedded systems used in IoT systems. In the first part of this work, we take a look at the security of embedded systems from a hardware point of view. We describe why we believe current security approaches fall short when it comes to securing modern embedded processors. We propose our hardware monitoring solution and expand it to cover a variety of embedded systems with different architectural specifications and applications.
In the second part, we shift our focus from hardware to software and protocols involved in securing IoT systems and maintaining the privacy of the data they exchange. We argue why conventional financial mechanisms cannot be applied to this context when trying to monetize data sharing. We propose a financial mechanism based on blockchain technology and demonstrate how it can replace conventional methods. We discuss how the high processing demand of such protocols hinders widespread adoption on different IoT systems, mostly ones based on low-end embedded processors. To eliminate that barrier, we propose a novel, lightweight payment verification protocol that uses a hybrid IoT ecosystem based on low-end and mid-range embedded systems that can be horizontally integrated with other ecosystems and exchange data and assets with monetary values such as cryptocurrencies. The last part of this work is the further expansion of the aforementioned hardware monitoring approach to enable it to secure high-end embedded systems. Using this new hardware monitoring system, we build a prototype IoT system that runs our proposed lightweight payment verification protocol to exchange data and money. By evaluating this system, we illustrate how our hardware and software approaches can be complementary to each other to safeguard IoT devices against remote attacks
Securing Critical Infrastructures
1noL'abstract è presente nell'allegato / the abstract is in the attachmentopen677. INGEGNERIA INFORMATInoopenCarelli, Albert
The Digital Foundation Platform -- A Multi-layered SOA Architecture for Intelligent Connected Vehicle Operating System
Legacy AD/ADAS development from OEMs centers around developing functions on
ECUs using services provided by AUTOSAR Classic Platform (CP) to meet
automotive-grade and mass-production requirements. The AUTOSAR CP couples
hardware and software components statically and encounters challenges to
provide sufficient capacities for the processing of high-level intelligent
driving functions, whereas the new platform, AUTOSAR Adaptive Platform (AP) is
designed to support dynamically communication and provide richer services and
function abstractions for those resource-intensive (memory, CPU) applications.
Yet for both platforms, application development and the supporting system
software are still closely coupled together, and this makes application
development and the enhancement less scalable and flexible, resulting in longer
development cycles and slower time-to-market. This paper presents a
multi-layered, service-oriented intelligent driving operating system foundation
(we named it as Digital Foundation Platform) that provides abstractions for
easier adoption of heterogeneous computing hardware. It features a multi-layer
SOA software architecture with each layer providing adaptive service API at
north-bound for application developers. The proposed Digital Foundation
Platform (DFP) has significant advantages of decoupling hardware, operating
system core, middle-ware, functional software and application software
development. It provides SOA at multiple layers and enables application
developers from OEMs, to customize and develop new applications or enhance
existing applications with new features, either in autonomous domain or
intelligent cockpit domain, with great agility, and less code through
re-usability, and thus reduce the time-to-market.Comment: WCX SAE World Congress Experience 202
Arm TrustZone: evaluating the diversity of the memory subsystem
Dissertação de mestrado em Engenharia Eletrónica Industrial e ComputadoresThe diversification of the embedded market has led the once single-purpose built embedded
device to become a broader concept that can accommodate more general-purpose solutions,
by widening its hardware and software resources. A huge diversity in system resources and
requirements has boosted the investigation around virtualization technology, which is becoming
prevalent in the embedded systems domain, allowing timing and spatial sharing of hardware and
software resources between specialized subsystems. As strict timing demands imposed in realtime
virtualized systems must be met, coupled with a small margin for the penalties incurred
by conventional software-based virtualization, resort to hardware-assisted solutions has become
indispensable.
Although not a virtualization but security-oriented technology, Arm TrustZone is seen by many
as a reliable hardware-based virtualization alternative, with the low cost and high spread of
TrustZone-enabled processors standing as strong arguments for its acceptance. But, since Trust-
Zone only dictates the hardware infrastructure foundations, providing SoC designers with a range
of components that can fulfil specific functions, several key-components and subsystems of this
technology are implementation defined. This approach may hinder a system designer’s work, as
it may impair and make the portability of system software a lot more complicated.
As such, this thesis proposes to examine how different manufacturers choose to work with
the TrustZone architecture, and how the changes introduced by this technology may affect the
security and performance of TrustZone-assisted virtualization solutions, in order to scale back
those major constraints. It identifies the main properties that impact the creation and execution
of system software and points into what may be the most beneficial approaches for developing
and using TrustZone-assisted hardware and software.A recente metamorfose na área dos sistemas embebidos transformou estes dispositivos,
outrora concebidos com um único e simples propósito, num aglomerado de subsistemas prontos
para integrar soluções mais flexíveis. Este aumento de recursos e de requisitos dos sistemas
potenciou a investigação em soluções de virtualização dos mesmos, permitindo uma partilha
simultânea de recursos de hardware e software entre os vários subsistemas. A proliferação destas
soluções neste domínio, onde os tempos de execução têm de ser respeitados e a segurança é
um ponto-chave, tem levado à adoção de técnicas de virtualização assistidas por hardware.
Uma tecnologia que tem vindo a ser utilizada para este fim é a Arm TrustZone, apesar de
inicialmente ter sido desenvolvida como uma tecnologia de proteção, dado a sua maior presença
em placas de médio e baixo custo quando comparada a outras tecnologias. Infelizmente, dado
que a TrustZone apenas fornece diretrizes base sobre as quais os fabricantes podem contruir
os seus sistemas, as especificações da tecnologia divergem de fabricante para fabricante, ou
até entre produtos com a mesma origem. Aliada à geral escassez de informação sobre esta
tecnologia, esta característica pode trazer problemas para a criação e portabilidade de software
de sistema dependente desta tecnologia.
Como tal, a presente tese propõe examinar, de uma forma sistematizada, de que forma diferentes
fabricantes escolhem implementar sistemas baseados na arquitetura TrustZone e em que
medida as mudanças introduzidas por esta tecnologia podem afetar a segurança e desempenho
de soluções de virtualização baseadas na mesma. São identificadas as principais características
que podem influenciar a criação e execução de software de sistema e potenciais medidas para
diminuir o seu impacto, assim como boas práticas a seguir no desenvolvimento na utilização de
software e hardware baseados na TrustZone
- …