SCM : Secure Code Memory Architecture

An increasing number of applications implemented on a SoC (System-on-chip) require security features. This work addresses the issue of protecting the integrity of code and read-only data that is stored in memory. To this end, we propose a new architecture called SCM, which works as a standalone IP core in a SoC. To the best of our knowledge, there exist no architectural elements similar to SCM that offer the same strict security guarantees while, at the same time, not requiring any modifications to other IP cores in its SoC design. In addition, SCM has the flexibility to select the parts of the software to be protected, which eases the integration of our solution with existing software. The evaluation of SCM was done on the Zynq platform which features an ARM processor and an FPGA. The design was evaluated by executing a number of different benchmarks from memory protected by SCM, and we found that it introduces minimal overhead to the system

SOFIA : software and control flow integrity architecture

Microprocessors used in safety-critical systems are extremely sensitive to software vulnerabilities, as their failure can lead to injury, damage to equipment, or environmental catastrophe. This paper proposes a hardware-based security architecture for microprocessors used in safety-critical systems. The proposed architecture provides protection against code injection and code reuse attacks. It has mechanisms to protect software integrity, perform control flow integrity, prevent execution of tampered code, and enforce copyright protection. We are the first to propose a mechanism to enforce control flow integrity at the finest possible granularity. The proposed architectural features were added to the LEON3 open source soft microprocessor, and were evaluated on an FPGA running a software benchmark. The results show that the hardware area is 28.2% larger and the clock is 84.6% slower, while the software benchmark has a cycle overhead of 13.7% and a total execution time overhead of 110% when compared to an unmodified processor

Comparison of the antifungal effect of undissociated lactic and acetic acid in sourdough bread and in chemically acidified wheat bread

Sourdough is a very interesting natural preservation system to prolong mould free shelf-life of bread. Numerous studies have reported that the antifungal activity of sourdough is mainly correlated with the presence of lactic (LA) and acetic acid (AA), but very few information is available on the effect of undissociated acid concentrations in the aqueous phase of bread (C-HA; mmole/L). This study was conducted to provide additional information about the mode of action of the acids in sourdough bread, enabling a better shelf-life prediction. This study was divided into two parts. In part 1, three industrial biological sourdoughs were characterized (dough yield, pH, a(w), fermentation quotient, microbiota). During 7 weeks, a shelf-life test with natural flora was conducted with daily checks of visible mould growth (21 degrees C). In part 2, the effect of the acids present in the antifungal active sourdough breads was validated in chemically acidified wheat breads. Complete growth inhibition was observed in full-baked sourdough bread (30 g/100 g dough) containing Lactobacillus sanfranciscensis and Saccharomyces cerevisiae as dominant sourdough micro-organisms, whereas in control bread the shelf-life was limited to 4.4-9.2 days. These full-baked sourdough breads contained 36 mmole undissociated LA/L and 220 mmole undissociated AA/L. The data were used to make General Linear Regression models for shelf-life prediction and resulted in a fit of R-2 = 0.79 when expressing the shelf-life in function of C-HA,C- LA and C-HA,C-AA. In acidified breads, the role of lactic acid was not significant and only impacted shelf-life indirectly through acidification. No difference between antifungal activity of sourdough breads and chemically acidified bread with comparable C-HA,C- AA concentrations was observed. Shelf-life increased when 150-200 mmole undissociated AA/L aqueous phase in bread was present. To conclude, this study showed the importance of the undissociated acid fraction of acetic acid in relation to bread shelf-life, together with bread pH and moisture content

Single-Cycle Implementations of Block Ciphers

© Springer International Publishing Switzerland 2016. Security mechanisms to protect our systems and data from malicious adversaries have become essential. Strong encryption algorithms are an important building block of these solutions. However, each application has its own requirements and it is not always possible to find a cipher that meets them all. This work compares unrolled combinational hardware implementations of six lightweight block ciphers, along with an AES implementation as a baseline. Up until now, the majority of such ciphers were designed for area-constrained environments where speed is often not crucial, but recently the need for single-cycle, low latency block ciphers with limited area requirements has arisen to build security architectures for embedded systems. Our comparison shows that some designers are already on this track, but a lot of work still remains to be done.status: publishe

SOFIA: Software and Control Flow Integrity Architecture

© 2017 Software components are frequently used in cyber-physical systems (CPSes) to control a physical mechanism, such as a valve or brakes on a car. These systems are extremely sensitive to software vulnerabilities, as their exploitation could lead to injury, damage to equipment, or environmental catastrophe. This paper proposes a hardware-based security architecture called SOFIA, which protects software running on microprocessors used in CPSes. SOFIA provides mechanisms to protect software integrity and control flow integrity. This allows the processor to defend against a large number of attacks, including code injection, code reuse, and fault-based attacks on the program counter. In addition, the architecture also defends against software copyright infringement and reverse engineering. All protection mechanisms are enforced in hardware using cryptographic techniques. We are the first to propose a mechanism to enforce control flow integrity at the finest possible granularity using cryptographic techniques. A SOFIA core has been created by implementing the proposed architectural features on a LEON3 microprocessor. The SOFIA core requires that its software conforms to a strict format. To this end, we additionally designed and implemented a software toolchain to compile source code that adheres to the formatting rules. Several benchmarks were compiled with the SOFIA toolchain, and were executed on a SOFIA core running on an FPGA, showing an average total execution time overhead of 106% compared to an unmodified LEON3 core. Our hardware evaluation shows a clock speed reduction of 23.2%.status: publishe

SCM: Secure Code Memory Architecture

© 2017 ACM. An increasing number of applications implemented on a SoC (System-on-chip) require security features. This work addresses the issue of protecting the integrity of code and read-only data that is stored in memory. To this end, we propose a new architecture called SCM, which works as a standalone IP core in a SoC. To the best of our knowledge, there exists no architectural elements similar to SCM that offer the same strict security guarantees while, at the same time, not requiring any modifications to other IP cores in its SoC design. In addition, SCM has the exibility to select the parts of the software to be protected, which eases the integration of our solution with existing software. The evaluation of SCM was done on the Zynq platform which features an ARM processor and an FPGA. The design was evaluated by executing a number of different benchmarks from memory protected by SCM, and we found that it introduces minimal overhead to the system.status: accepte

Atlas: Application Confidentiality in Compromised Embedded Systems

© 2004-2012 IEEE. Due to the requirements of the Internet-of-Things, modern embedded systems have become increasingly complex, running different applications. In order to protect their intellectual property as well as the confidentiality of sensitive data they process, these applications have to be isolated from each other. Traditional memory protection and memory management units provide such isolation, but rely on operating system support for their configuration. However, modern operating systems tend to be vulnerable and cannot guarantee confidentiality when compromised. We present Atlas, a hardware-based security architecture, complementary to traditional memory protection mechanisms, ensuring code and data confidentiality through transparent encryption, even when the system software has been exploited. Atlas relies on its zero-software trusted computing base to protect against system-level attackers and also supports secure shared memory. We implemented Atlas based on the LEON3 softcore processor, including toolchain extensions for developers. Our FPGA-based evaluation shows minimal cycle overhead at the cost of a reduced maximum frequency.status: publishe

Architectural security for embedded control systems

Security issues in computer systems are pervasive and embedded control systems – from smart home appliances, the Internet of Things, to critical infrastructure in factories or power plants – are no different. This blog post summarises a line of research on architectural support for security features in embedded processors, with the potential to substantially raise the bar for attackers.http://blog.ieeesoftware.org/2019/05/architectural-security-for-embedded.htmlstatus: Published onlin

Validation of in-vitro antifungal activity of the fermentation quotient on bread spoilage moulds through growth/no-growth modelling and bread baking trials

The main objectives were to investigate the antifungal effect of lactic (LA) and acetic acid (AA) and the fermentation quotient (FQ, mol/L ratio of LA over AA) towards Penicillium paneum and Aspergillus niger through growth/no-growth modelling of in-vitro data and to validate its effect in chemically acidified bread by performing challenge tests. Results have shown that AA has strong antifungal activity towards both bread moulds, albeit that P. paneum is ten times more resistant compared to A. niger. Complete growth inhibition of A. niger on chemically acidified bread was observed during 35 days at 21 °C for concentrations of AA ≥ 33 mmol/kg dough or ≥165 mmol undissociated AA/L water phase in bread. Whereas for A. niger the FQ must be close to zero and the concentration of AA in bread 33 mmol/kg dough to achieve complete growth inhibition, very high concentrations of AA and LA were needed to prevent growth of P. paneum (>100 mmol/kg dough). The acids also affected yeast activity in dough resulting in lower specific volumes and harder bread crumb. To conclude, the antifungal activity of the FQ cannot be generalized because its antifungal power depends on the sensitivity of the mould species towards LA and AA