Wende Tan,Yuan Li,Chao Zhang,Xingman Chen,Songtao Yang,Ying Liu,Jianping Wu

DOI: https://doi.org/10.1109/dac18074.2021.9586274

2021-01-01

Abstract:Sensitive operations (e.g. control-flow transfers) are attractive targets for attackers. To protect them from being hijacked, we propose a new solution ROLoad to guarantee the integrity of their operands, which are loaded from (potentially corrupted) memory. We extend the RISC-V instruction set, implement an FPGA-based prototype of ROLoad, and then demonstrate two specific defense applications. Results show that this solution only costs few extra hardware resources (< 3.32%). However, it could enable many lightweight (e.g. with overheads less than 0.31%) defenses, and provide broader and stronger security guarantees than existing hardware solutions, e.g. ARM BTI and Intel CET.

Yutian Yang,Jinjiang Tu,Wenbo Shen,Songbo Zhu,Rui Chang,Yajin Zhou

DOI: https://doi.org/10.1109/tdsc.2023.3334268

2024-01-01

Abstract:Nowadays, code reuse attacks impose a substantial threat to the security of operating system kernels. Control-flow graph-based CFI techniques, while effective, bring considerable performance overhead, thus limiting their practical adoption in real-world products. As an alternative approach, recent research suggests safeguarding the integrity of sensitive pointers as a countermeasure against manipulation attempts. Unfortunately, existing pointer integrity protection schemes only protect sensitive pointers partially and ignore assembly code, leaving protection gaps. To fill up these protection gaps, we propose a novel security concept named full life-cycle integrity , which enforces the integrity of a sensitive pointer at every step on its value flow chain. To realize full life-cycle integrity, we propose three novel techniques, including assembly-aware sensitivity for analyzing assembly code, Merkle PAC tree for protecting interrupt context securely and efficiently, and pointer-grained authentication for defeating spatial substitution attacks. We have developed a practical implementation of comprehensive life-cycle integrity for the Linux kernel, called ”kernel Code Pointer Authentication” (kCPA), which leverages the ARM Pointer Authentication (PAuth) mechanism. This implementation has been extended to the Apple M1 architecture for real-world evaluation on PAuth hardware. Our assessment demonstrates that kCPA effectively mitigates a range of real-world attacks while incurring a minimal 2.5% performance overhead for the Phoronix Test Suite and nearly negligible performance impact for SPEC2017 benchmarks.

Weiyi Wang,Lang Feng,Zhiguo Shi,Cheng Zhuo,Jiming Chen

DOI: https://doi.org/10.23919/date58400.2024.10546789

2024-01-01

Abstract:Internet of Things (IoT) devices face an escalating threat from code reuse attacks (CRAs) as they can reuse existing code for malicious purpose. Thus a practical cost-effective Control-Flow Integrity (CFI) mechanism for IoT devices is urgently needed. However, existing CFI solutions suffer from impractical-ities, including high performance overhead and a heavy reliance on offline perfect Control-Flow Graph (CFG) generation. To tackle these challenges, we propose a fine-grained dependable CFI scheme for IoT devices that real-time updates the CFG of devices. We evaluate the implementation on RISC-V architectures and the results show that our CFI scheme provides both backward- and forward-edge protection with almost no performance overhead in the case of fixed CFG, negligible power overhead, and low hardware overhead. Compared to the current hardware-assisted CFI designs, our design eliminates the dependence on the offline perfect CFG generation and performs real-time CFG updating for better practicality.

Avani Dave Nilanjan Banerjee Chintan Patel

DOI: https://doi.org/10.48550/arXiv.2305.03266

2023-05-05

Abstract:Modern society is getting accustomed to the Internet of Things (IoT) and Cyber-Physical Systems (CPS) for a variety of applications that involves security-critical user data and information transfers. In the lower end of the spectrum, these devices are resource-constrained with no attack protection. They become a soft target for malicious code modification attacks that steals and misuses device data in malicious activities. The resilient system requires continuous detection, prevention, and/or recovery and correct code execution (including in degraded mode). By end large, existing security primitives (e.g., secure-boot, Remote Attestation RA, Control Flow Attestation (CFA) and Data Flow Attestation (DFA)) focuses on detection and prevention, leaving the proof of code execution and recovery unanswered. To this end, the proposed work presents lightweight RARES -- Runtime Attack Resilient Embedded System design using verified Proof-of-Execution. It presents first custom hardware control register (Ctrl_register) based runtime memory modification attacks classification and detection technique. It further demonstrates the Proof Of Concept (POC) implementation of use-case-specific attacks prevention and onboard recovery techniques. The prototype implementation on Artix 7 Field Programmable Gate Array (FPGA) and state-of-the-art comparison demonstrates very low (2.3%) resource overhead and efficacy of the proposed solution.

Cryptography and Security,Hardware Architecture

Rui Chang,Liehui Jiang,Wenzhi Chen,Yang Xiang,Yuxia Cheng,Abdulhameed Alelaiwi

DOI: https://doi.org/10.1007/s10586-017-0833-4

2017-01-01

Cluster Computing

Abstract:With the rapid development of Internet of Things technology and the promotion of embedded devices’ computation performance, smart devices are probably open to security threats and attacks while connecting with rich and novel Internet. Attracting lots of attention in embedded system security community recently, Trusted Execution Environment (TEE), allows for the execution of arbitrary code within environments completely isolated from the rest of a system. However, existing memory protection methods in a TEE are inadequate. In general, the software-based formal methods are not practical and the hardware-based implementation approaches lack of theoretical proof. To address the memory isolation and protection problems in TEE, in this paper, we propose a practical memory integrity protection method on an ARM-based platform, called MIPE, to defend against security threats including kernel data attacks and direct memory access attacks. MIPE utilizes TrustZone technique to create a isolated execution environment, which can protect the sensitive code and data against attacks. To present the integrity protection strategies, we provide the design of MIPE using B method, which is a practical formal method. We also implement MIPE on the Xilinx Zynq ZC702 evaluation board. The evaluation results show that the automatic proof rate of machines using B method is about 78.32%, and the proposed method is effective and feasible in terms of both load time and overhead.

Yutian Yang,Songbo Zhu,Wenbo Shen,Yajin Zhou,Jiadong Sun,Kui Ren

DOI: https://doi.org/10.48550/arXiv.1912.10666

2020-10-12

Abstract:Code reuse attacks are still big threats to software and system security. Control flow integrity is a promising technique to defend against such attacks. However, its effectiveness has been weakened due to the inaccurate control flow graph and practical strategy to trade security for performance. In recent years, CPU vendors have integrated hardware features as countermeasures. For instance, ARM Pointer Authentication (PA in short) was introduced in ARMV8-A architecture. It can efficiently generate an authentication code for an address, which is encoded in the unused bits of the address. When the address is de-referenced, the authentication code is checked to ensure its integrity. Though there exist systems that adopt PA to harden user programs, how to effectively use PA to protect OS kernels is still an open research question. In this paper, we shed lights on how to leverage PA to protect control flows, including function pointers and return addresses, of Linux kernel. Specifically, to protect function pointers, we embed authentication code into them, track their propagation and verify their values when loading from memory or branching to targets. To further defend against the pointer substitution attack, we use the function pointer address as its context, and take a clean design to propagate the address by piggybacking it into the pointer value. We have implemented a prototype system with LLVM to identify function pointers, add authentication code and verify function pointers by emitting new machine instructions. We applied this system to Linux kernel, and solved numerous practical issues, e.g., function pointer comparison and arithmetic operations. The security analysis shows that our system can protect all function pointers and return addresses in Linux kernel.

Cryptography and Security,Operating Systems

Weike Wang,Xiaobing Zhang,Qiang Hao,Zhun Zhang,Bin Xu,Haifeng Dong,Tongsheng Xia,Xiang Wang

DOI: https://doi.org/10.3390/electronics8010052

IF: 2.9

2019-01-01

Electronics

Abstract:At present, the embedded systems are facing various kinds of attacks, especially for the data stored in the external memories. This paper presents a hardware-enhanced protection method to protect the data integrity and confidentiality at runtime, preventing the data from spoofing attack, splicing attack, replay attack, and some malicious analysis. For the integrity protection, the signature is calculated by the hardware implemented Lhash engine before the data sending off the chip, and the signature of the data block is recalculated and compared with the decrypted one at the load time. For the confidentiality protection, an AES encryption engine is used to generate the key stream, the plain data and the cipher data can translate through a simple XOR operation. The hardware cryptographic engines are optimized to work simultaneously with the memory access operation, which reduces the hardware overhead and the performance overhead. We implement the proposed architecture within OR1200 processor on Xilinx Virtex 5 FPGA platform. The experiment results show that the proposed hardware-enhanced protection method can preserve the integrity and confidentiality of the runtime data in the embedded systems with low power consumption and a marginal area footprint. The performance overhead is less than 2.27% according to the selected benchmarks.

Liu Ke,Wang Jing-Yi,Wei Qiang,Guizhou University,Sun Jun,Ma Rong-Kuan,Deng Rui-Long

DOI: https://doi.org/10.1007/s11390-021-1647-7

2021-01-01

Abstract:Programmable logic controllers (PLCs) play a critical role in many industrial control systems, yet face increasingly serious cyber threats. In this paper, we propose a novel PLC-compatible software-based defense mechanism, called Heterogeneous Redundant Proactive Defense Framework (HRPDF). We propose a heterogeneous PLC architecture in HRPDF, including multiple heterogeneous, equivalent, and synchronous runtimes, which can thwart multiple types of attacks against PLC without the need of external devices. To ensure the availability of PLC, we also design an inter-process communication algorithm that minimizes the overhead of HRPDF. We implement a prototype system of HRPDF and test it in a real-world PLC and an OpenPLC-based device, respectively. The results show that HRPDF can defend against multiple types of attacks with 10.22% additional CPU and 5.56% additional memory overhead, and about 0.6 ms additional time overhead.

Donghyun Kwon,Dongil Hwang,Yunheung Paek

DOI: https://doi.org/10.3390/electronics10172068

IF: 2.9

2021-08-26

Electronics

Abstract:The OS kernel is typically preassumed as a trusted computing base in most computing systems. However, it also implies that once an attacker takes control of the OS kernel, the attacker can seize the entire system. Because of such security importance of the OS kernel, many works have proposed security solutions for the OS kernel using an external hardware module located outside the processor. By doing this, these works can realize the physical isolation of security solutions from the OS kernel running in the processor, but they cannot access the inner state of the processor, which attackers can manipulate. Thus, they elaborated several methods to overcome such limited capability of external hardware. However, those methods usually come with several side effects, such as high-performance overhead, kernel code modifications, and/or excessively complicated hardware designs. In this paper, we introduce RiskiM, a new hardware-based monitoring platform to ensure kernel integrity from outside the host system. To deliver the inner state of the host to RiskiM, we have devised a hardware interface architecture, called PEMI. Through PEMI, RiskiM is supplied with all internal states of the host system essential for fulfilling its monitoring task to protect the kernel. To empirically validate our monitoring platform’s security strength and performance, we have fully implemented PEMI and RiskiM on a RISC-V based processor and FPGA, respectively. Our experiments show that RiskiM succeeds in the host kernel protection by detecting even the advanced attacks which could circumvent previous solutions, yet suffering from virtually no aforementioned side effects.

engineering, electrical & electronic,computer science, information systems,physics, applied

Sanjeeu Das,Bihuan Chen,Mahintham Chandramohan,Yang Liu,Wei Zhang

DOI: https://doi.org/10.1016/j.cose.2017.11.011

IF: 5.105

2017-01-01

Computers & Security

Abstract:Return-Oriented Programming (ROP) is one of the most common techniques to exploit software vulnerabilities. However, existing defense techniques can be defeated by attackers, or suffer from high performance overhead. In this paper, we propose a defense framework, named ROPSentry, to detect ROP attacks at runtime. It is built on the observation that ROP exploits usually trigger different hardware events than normal programs generated by compilers. Hence, we leverage hardware performance counters to track such hardware events and analyze behavioral patterns of ROP attacks. ROPSentry has two approaches. The ROP-only defense approach detects ROP attacks via capturing the patterns of ROP exploits, where we propose to sample the hardware performance counters at mispredicted return events instead of at every microinstruction for a low performance overhead. To further reduce performance overhead, we propose a self-adaptive defense approach to dynamically switch between low and high sampling rates. It detects the patterns of spraying attacks (i.e., one common ROP payload delivery technique) at a low sampling rate, and then switches to a high sampling rate for detecting the patterns of ROP exploits. Our evaluation on 11 real-world ROP exploits, 50 synthetically generated ROP exploits and 1000 benign websites has shown that, the ROP-only and self-adaptive approaches are effective in detecting ROP attacks with low performance overhead (11% and 1% respectively) as well as low false positive; and they significantly outperform the state-of-the-art techniques in terms of performance overhead without losing the detection accuracy.

Xiaojing Zhu,Mingyu Chen,Yangyang Zhao,Zonghui Hong,Yunge Guo

DOI: https://doi.org/10.48550/arXiv.1804.03379

2018-04-10

Abstract:Plenty of in-process vulnerabilities are blamed on various out of bound memory accesses. Previous prevention methods are mainly based on software checking associated with performance overhead, while traditional hardware protection mechanisms only work for inter-process memory accesses. In this paper we propose a novel hardware based in-process isolation system called PULP (Protection by User Level Partition). PULP modifies processor core by associating program counter and virtual memory address to achieve in-process data isolation. PULP partitions the program into two distinct parts, one is reliable, called primary functions, and the other is unreliable, called secondary functions, the accessible memory range of which can be configured via APIs. PULP automatically checks the memory bound when executing load/store operations in secondary functions. A RISC-V based FPGA prototype is implementated and functional test shows that PULP can effectively prevent in-process bug, including the Heartbleed and other buffer overflow vulnerabilities, etc. The total runtime overhead of PULP is negligible, as there is no extra runtime overhead besides configuring the API. We run SPEC2006 to evaluate the average performance, considering the LIBC functions as secondary functions. Experimental timing results show that, running bzip2, mcf, and libquantum, PULP bears low runtime overhead (less than 0.1%). Analysis also shows that PULP can be used effectively to prevent the newest "Spectre" bug which threats nearly all out-of-order processors.

Cryptography and Security

Leila Delshadtehrani,Sadullah Canakci,Manuel Egele,Ajay Joshi

DOI: https://doi.org/10.48550/arXiv.2012.02715

2020-12-05

Abstract:With the continuous increase in the number of software-based attacks, there has been a growing effort towards isolating sensitive data and trusted software components from untrusted third-party components. A hardware-assisted intra-process isolation mechanism enables software developers to partition a process into isolated components and in turn secure sensitive data from untrusted components. However, most of the existing hardware-assisted intra-process isolation mechanisms in modern processors, such as ARM and IBM Power, rely on costly kernel operations for switching between trusted and untrusted domains. Recently, Intel introduced a new hardware feature for intra-process memory isolation, called Memory Protection Keys (MPK), which enables a user-space process to switch the domains in an efficient way. While the efficiency of Intel MPK enables developers to leverage it for common use cases such as Code-Pointer Integrity, the limited number of unique domains (16) prohibits its use in cases such as OpenSSL where a large number of domains are required. Moreover, Intel MPK suffers from the protection key use-after-free vulnerability. To address these shortcomings, in this paper, we propose an efficient intra-process isolation technique for the RISC-V open ISA, called SealPK, which supports up to 1024 unique domains. SealPK prevents the protection key use-after-free problem by leveraging a lazy de-allocation approach. To further strengthen SealPK, we devise three novel sealing features to protect the allocated domains, their associated pages, and their permissions from modifications or tampering by an attacker. To demonstrate the feasibility of our design, we implement SealPK on a RISC-V Rocket processor, provide the OS support for it, and prototype our design on an FPGA. We demonstrate the efficiency of SealPK by leveraging it to implement an isolated shadow stack on our FPGA prototype.

Cryptography and Security,Hardware Architecture

Tai Yue,Fengwei Zhang,Zhenyu Ning,Pengfei Wang,Xu Zhou,Kai Lu,Lei Zhou

DOI: https://doi.org/10.1109/tifs.2024.3372816

IF: 7.231

2024-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Many modern processors have embedded hardware tracing techniques (e.g., Intel Processor Trace or ARM CoreSight). While these techniques are widely used due to their transparency and low overhead, they also bring serious security threats. Attackers can utilize hardware tracing to trace the trusted applications from a non-secure application. Existing protection techniques fail to effectively protect the runtime information when hardware tracing is employed. To counter these threats, in this paper, we propose a novel direction called anti-hardware tracing. Our key idea is to exploit the limitations of hardware tracing: trace buffer overflow can cause trace data loss. We build a model to analyse the overflow and outline three principles for efficient triggering overflows and achieving anti-hardware tracing: numerous branches in the program, high-speed execution of the program, and the high-water mark of the trace buffer. We develop a framework called Armor on ARM Juno R2 to realize our approach. Armor protects software against the trace unit Embedded Trace Macrocell (ETM) in CoreSight by instrumenting protection and loop functions. The protection function detects runtime environments, efficiently fills the trace buffer, and employs various protection strategies like PID (process identifier) replacement and PIE+STRIP+ASLR. Meanwhile, the loop function triggers overflows efficiently based on context-based calculations and anti-ETM loop. Our evaluation demonstrates that the overhead of Armor is 77.31% lower than that of OLLVM [1] on SPEC2006. Armor effectively hides 54.51% of basic blocks across 16 real-world applications, triggering 113× more overflows. Moreover, we showcase two practical applications of Armor. Firstly, we conduct a cryptographic and cross-world attack on GnuPG 1.4.13 RSA private keys using ETM, which can steal entire keys from a program in the Secure world with a single run. Armor successfully reduces leaked bits by 84.5%. Secondly, Armor impedes hardware-assisted fuzzing by reducing throughput by 89.71% and branch coverage by 47.99%.

computer science, theory & methods,engineering, electrical & electronic

Wanting Zhou,Kuo-Hui Ye,Shiwei Yuan,Lei Li

DOI: https://doi.org/10.1016/j.heliyon.2023.e17085

IF: 3.776

2023-06-13

Heliyon

Abstract:As the core of Internet of Things (IoT), embedded processors are being used more and more extensive. However, embedded processors face various hardware security issues such as hardware trojans (HT) and code tamper attacks. In this paper, a cycle-level recovery method for embedded processor against HT tamper is proposed, which builds two hardware-implementation units, a General-Purpose Register (GPRs) backup unit and a PC rollback unit. Once a HT tamper is detected, the two units will carry out fast recovery through rolling back to the exact PC address corresponding to the wrong instruction and resuming the instruction execution. An open RISC-V core of PULPino is adopted for recovery mechanism verification, the experimental results and hardware costs show that the proposed method could guarantee the processor restore from abnormal state in real time with a reasonable hardware overhead.

Xin-Ran WANG,Yu-Tao LIU,Hai-Bo CHEN

DOI: https://doi.org/10.13328/j.cnki.jos.005496

2018-01-01

Abstract:Return-Oriented programming (ROP),in which attackers corrupt program stack in order to hijack the control flow of the program,is a popular way to attack memory corruption bugs.Control flow integrity (CFI) is a popular approach which thwarts attackers tampering with execution flow,in a way that enforces the legal targets of each indirect branches.While published CFI approaches mainly focus on protecting user programs,the OS kernel is still vulnerable to various attacks such as return-oriented rootkits (ROR),which can launch ROP attacks in vulnerable kernel modules,is able to execute arbitrary code in kernel.Compared with traditional user-level ROP,ROR is more dangerous because it happens in kernel space.According to Linux CVE from 2014 to 2016,76％ of kernel bugs appear in kernel module and almost all of the published attacks happen in kernel modules,which infers that kernel modules happen to be the most dangerous area in the kernel space.However currently there are still very few number of kernel-level CFI protection mechanisms,and all of the existing ones require source-code level modification and kernel recompilation,which restricts the usage scenarios of the commodity systems.Facing off these problems,this paper proposes to leverage Intel processor trace (IPT),and presents the first system which can prevent against ROP attacks in kernel modules base on virtualization without relying on the source code of kernel and kernel modules.The evaluation proves the precision,transparency and efficiency of the new system.

Yu Qin,Jingbin Liu,Shijun Zhao,Dengguo Feng,Wei Feng

DOI: https://doi.org/10.1155/2020/8957641

IF: 1.968

2020-01-01

Security and Communication Networks

Abstract:Software attacks like worm, botnet, and DDoS are the increasingly serious problems in IoT, which had caused large-scale cyber attack and even breakdown of important information infrastructure. Software measurement and attestation are general methods to detect software integrity and their executing states in IoT. However, they cannot resist TOCTOU attack due to their static features and seldom verify correctness of control flow integrity. In this paper, we propose a novel and practical scheme for software trusted execution based on lightweight trust. Our scheme RIPTE combines dynamic measurement and control flow integrity with PUF device binding key. Through encrypting return address of program function by PUF key, RIPTE can protect software integrity at runtime on IoT device, enabling to prevent the code reuse attacks. The results of our prototype’s experiment show that it only increases a small size TCB and has a tiny overhead in IoT devices under the constraint on function calling. In sum, RIPTE is secure and efficient in IoT device protection at runtime.

Zhenliang An,Weike Wang,Wenxin Li,Senyang Li,Dexue Zhang

DOI: https://doi.org/10.3390/mi14081525

IF: 3.4

2023-07-30

Micromachines

Abstract:The growing prevalence of embedded systems in various applications has raised concerns about their vulnerability to malicious code reuse attacks. Current software-based and hardware-assisted security techniques struggle to detect or block these attacks with minor performance and implementation overhead. To address this issue, this paper presents a lightweight hardware-assisted scheme to enhance the security of embedded systems against code reuse attacks. We develop an on-chip lightweight hardware shadow stack to validate target addresses at runtime for backward-edge control flow integrity, which backs up valid return addresses during function calls and automatically verifies actual return addresses during the return phase. Additionally, we propose a lightweight stream cipher circuit that encrypts and decrypts critical stack data related to control flow manipulation, preventing attackers from analyzing or tampering with them. When designing and implementing the security mechanism for embedded systems, we fully consider the constraints of limited system resources and performance, optimizing both the architecture design and implementation of the proposed hardware. Finally, we integrate both the proposed lightweight hardware shadow stack and the runtime data encryption hardware into the OR1200 processor. We have verified the system security function on the Terasic DE1-SoC FPGA platform and evaluated the system performance as well as implementation overhead. The results show that the proposed lightweight hardware-assisted scheme can provide a dedicated defense capability against code reuse attacks for embedded systems, with an average system performance overhead of 0.39% and an area footprint of 0.316 mm2.

chemistry, analytical,nanoscience & nanotechnology,instruments & instrumentation,physics, applied

Shoei Nashimoto,Daisuke Suzuki,Rei Ueno,Naofumi Homma

DOI: https://doi.org/10.46586/tches.v2022.i1.28-68

2021-11-19

IACR Transactions on Cryptographic Hardware and Embedded Systems

Abstract:RISC-V is equipped with physical memory protection (PMP) to prevent malicious software from accessing protected memory regions. PMP provides a trusted execution environment (TEE) that isolates secure and insecure applications. In this study, we propose a side-channel-assisted fault-injection attack to bypass isolation based on PMP. The proposed attack scheme involves extracting successful glitch parameters for fault injection from side-channel information under crossdevice conditions. A proof-of-concept TEE compatible with PMP in RISC-V was implemented, and the feasibility and effectiveness of the proposed attack scheme was validated through experiments in TEEs. The results indicate that an attacker can bypass the isolation of the TEE and read data from the protected memory region In addition, we experimentally demonstrate that the proposed attack applies to a real-world TEE, Keystone. Furthermore, we propose a software-based countermeasure that prevents the proposed attack.

Xiang Wang,Weike Wang,Bin Xu,Pei Du,Lin Li,Muyang Liu

DOI: https://doi.org/10.3217/jucs-024-04-0515

2018-01-01

Abstract:Embedded systems are subjected to various adversaries including software attacks, physical attacks, and side channel attacks. Most of these malicious attacks can lead to the invalid execution of programs, and launch of destructive actions or reveal critical information. However, most previous security mechanisms suffer from coarse checking granularity and unacceptable performance overhead, due to strict restriction on system resources. This paper presents a fine-grained hardware-based security approach to ensure runtime code integrity in the embedded systems by offline profiling of the program features and runtime integrity check. We design a hardware implemented instruction stream integrity checker (ISIC) to perform runtime checking of pre-extracted features. Any invalid execution of the program will trigger the corresponding exception signal. We implement the ISIC with OR1200 processor on XC5VLX50T field-programmable gate array (FPGA). The experimental results show that the proposed approach can detect all the attacks destructing integrity of the instruction stream, and the performance overhead induced by the security mechanism is less than 3.45% according to the selected benchmarks.

Zichen Zhou,Bin Xu,Qining Lu,Bo Yin,Renhao Fan,Tao Liu,Xiang Wang

2012-01-01

Abstract:This paper presents a series of novel architectural-enhanced security solutions. In the crosscompilation link stage, the automated compiler extracts the intrusion model for instruction code and static data, meanwhile secure tags of each main memory segment are added at the compile time automatically. At runtime, the designed hardware observes its dynamic execution trace and checks whether the trace conforms to the permissible behavior and trigger appropriate response mechanisms. The proposed methods don’t change the compiler or the existing instruction set and imposes no special restriction to the software developer. The hardware structure of protection design is implemented on an actual OR1200FPGA platform. The experimental analysis shows that the proposed techniques can prevent a wide range of common software and physical attacks with minimal resource cost and low performance consumption.