3,282 research outputs found
C-FLAT: Control-FLow ATtestation for Embedded Systems Software
Remote attestation is a crucial security service particularly relevant to
increasingly popular IoT (and other embedded) devices. It allows a trusted
party (verifier) to learn the state of a remote, and potentially
malware-infected, device (prover). Most existing approaches are static in
nature and only check whether benign software is initially loaded on the
prover. However, they are vulnerable to run-time attacks that hijack the
application's control or data flow, e.g., via return-oriented programming or
data-oriented exploits. As a concrete step towards more comprehensive run-time
remote attestation, we present the design and implementation of Control- FLow
ATtestation (C-FLAT) that enables remote attestation of an application's
control-flow path, without requiring the source code. We describe a full
prototype implementation of C-FLAT on Raspberry Pi using its ARM TrustZone
hardware security extensions. We evaluate C-FLAT's performance using a
real-world embedded (cyber-physical) application, and demonstrate its efficacy
against control-flow hijacking attacks.Comment: Extended version of article to appear in CCS '16 Proceedings of the
23rd ACM Conference on Computer and Communications Securit
TrustShadow: Secure Execution of Unmodified Applications with ARM TrustZone
The rapid evolution of Internet-of-Things (IoT) technologies has led to an
emerging need to make it smarter. A variety of applications now run
simultaneously on an ARM-based processor. For example, devices on the edge of
the Internet are provided with higher horsepower to be entrusted with storing,
processing and analyzing data collected from IoT devices. This significantly
improves efficiency and reduces the amount of data that needs to be transported
to the cloud for data processing, analysis and storage. However, commodity OSes
are prone to compromise. Once they are exploited, attackers can access the data
on these devices. Since the data stored and processed on the devices can be
sensitive, left untackled, this is particularly disconcerting.
In this paper, we propose a new system, TrustShadow that shields legacy
applications from untrusted OSes. TrustShadow takes advantage of ARM TrustZone
technology and partitions resources into the secure and normal worlds. In the
secure world, TrustShadow constructs a trusted execution environment for
security-critical applications. This trusted environment is maintained by a
lightweight runtime system that coordinates the communication between
applications and the ordinary OS running in the normal world. The runtime
system does not provide system services itself. Rather, it forwards requests
for system services to the ordinary OS, and verifies the correctness of the
responses. To demonstrate the efficiency of this design, we prototyped
TrustShadow on a real chip board with ARM TrustZone support, and evaluated its
performance using both microbenchmarks and real-world applications. We showed
TrustShadow introduces only negligible overhead to real-world applications.Comment: MobiSys 201
SCM : Secure Code Memory Architecture
An increasing number of applications implemented on a SoC (System-on-chip) require security features. This work addresses the issue of protecting the integrity of code and read-only data that is stored in memory. To this end, we propose a new architecture called SCM, which works as a standalone IP core in a SoC. To the best of our knowledge, there exist no architectural elements similar to SCM that offer the same strict security guarantees while, at the same time, not requiring any modifications to other IP cores in its SoC design. In addition, SCM has the flexibility to select the parts of the software to be protected, which eases the integration of our solution with existing software. The evaluation of SCM was done on the Zynq platform which features an ARM processor and an FPGA. The design was evaluated by executing a number of different benchmarks from memory protected by SCM, and we found that it introduces minimal overhead to the system
SOFIA : software and control flow integrity architecture
Microprocessors used in safety-critical systems are extremely sensitive to software vulnerabilities, as their failure can lead to injury, damage to equipment, or environmental catastrophe. This paper proposes a hardware-based security architecture for microprocessors used in safety-critical systems. The proposed architecture provides protection against code injection and code reuse attacks. It has mechanisms to protect software integrity, perform control flow integrity, prevent execution of tampered code, and enforce copyright protection. We are the first to propose a mechanism to enforce control flow integrity at the finest possible granularity. The proposed architectural features were added to the LEON3 open source soft microprocessor, and were evaluated on an FPGA running a software benchmark. The results show that the hardware area is 28.2% larger and the clock is 84.6% slower, while the software benchmark has a cycle overhead of 13.7% and a total execution time overhead of 110% when compared to an unmodified processor
- …