Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hardware Support for Embedded Operating System Security

Published byCornelius Booth Modified over 6 years ago

Similar presentations

Presentation on theme: "Hardware Support for Embedded Operating System Security"— Presentation transcript:

1 Hardware Support for Embedded Operating System Security

2 Introduction Pervasive use of embedded systems
Serious security requirements Software based solutions not suitable for embedded systems Hardware monitoring as a solution Dedicated hardware co-located with the main processor Ensuring the safe behavior of the main processor at run-time Signaling the main processor upon detecting a deviation

3 Hardware Monitor Concept
Offline analysis of the code Checking the execution reports at run-time Alarming the processor upon detecting a deviation

4 Fine Grained Monitoring
Forming a state diagram based on the assembly code Compressing the values using hashing Processing the graph in order to realize it as an state machine

5 Challenges Monitoring multiple parallel applications
Following the context switching between the OS and the applications Monitoring the OS itself

6 System Architecture Main processor Hardware monitor
Crypto co-processor Describe an overall working of the system

7 Detection and Recovery
Receiving an instruction with an unacceptable hash value Interrupting the CPU Closing the misbehaving task and running the next high priority ready task

8 Prototype Implementation
NIOS II processor on Altera DE4 board Running µC/OS-II operating system Another NIOS II processor augmented with RSA decryption engine as the cryptographic processor

9 Resource Overhead Available on FPGA NIOS II with no HW monitor
HW monitor and controller Secure HW monitor loading LUTs 182,400 2,152 764 2,603 FFs 2,813 922 2,936 Mem. bits 14,625,792 2,199,552 2,580,288 2,074,492 per core per system

10 Graph Sizes Number of Instructions Number of Graph Entries
Graph Size (bits) uC/OS-II 22,913 23,625 850,500 basic_math 10,446 11,563 416,268 bitcount 6,731 7,823 281,628 qsort_small 7,113 9,055 325,980 qsort_large 7,302 9,116 328,176

11 Prototype Evaluation Realization of the hardware monitor on DE4 board
Continuous protection of the system during its normal operation Successful detection of a format string attack About 35% area overhead Negligible performance overhead

12 Summary Security in embedded systems is important
We developed a hardware monitor to detect and stop attacks Practical solution for complex OS based multitask systems Small area overhead but memory requirement proportional to binary size No frequency slow down imposed by the added hardware A real world attack scenario implemented and stopped using the implemented solution Effective approach to protecting embedded systems from attacks

13 Thank You

Download ppt "Hardware Support for Embedded Operating System Security"

Similar presentations

Using Instruction Block Signatures to Counter Code Injection Attacks Milena Milenković, Aleksandar Milenković, Emil Jovanov The University of Alabama in.

Using Instruction Block Signatures to Counter Code Injection Attacks Milena Milenković, Aleksandar Milenković, Emil Jovanov The University of Alabama in.
Autonomic Systems Justin Moles, Winter 2006 Enabling autonomic behavior in systems software with hot swapping Paper by: J. Appavoo, et al. Presentation.

Autonomic Systems Justin Moles, Winter 2006 Enabling autonomic behavior in systems software with hot swapping Paper by: J. Appavoo, et al. Presentation.
1 Implementing an Untrusted Operating System on Trusted Hardware David Lie Chandramohan A. Thekkath Mark Horowitz University of Toronto, Microsoft Research,

1 Implementing an Untrusted Operating System on Trusted Hardware David Lie Chandramohan A. Thekkath Mark Horowitz University of Toronto, Microsoft Research,
1 SECURE-PARTIAL RECONFIGURATION OF FPGAs MSc.Fisnik KRAJA Computer Engineering Department, Faculty Of Information Technology, Polytechnic University of.

1 SECURE-PARTIAL RECONFIGURATION OF FPGAs MSc.Fisnik KRAJA Computer Engineering Department, Faculty Of Information Technology, Polytechnic University of.
- the new generation realtime operating system For embedded and fault tolerant applications.

- the new generation realtime operating system For embedded and fault tolerant applications.
Figure 2.8 Compiler phases. 2.8.1 Compiling. Figure 2.9 Object module. 2.8.2 Linking.

Figure 2.8 Compiler phases Compiling. Figure 2.9 Object module Linking.
OS Fall ’ 02 Introduction Operating Systems Fall 2002.

OS Fall ’ 02 Introduction Operating Systems Fall 2002.
CS 300 – Lecture 22 Intro to Computer Architecture / Assembly Language Virtual Memory.

CS 300 – Lecture 22 Intro to Computer Architecture / Assembly Language Virtual Memory.
Review: Operating System Manages all system resources ALU Memory I/O Files Objectives: Security Efficiency Convenience.

Review: Operating System Manages all system resources ALU Memory I/O Files Objectives: Security Efficiency Convenience.
Processes 1 CS502 Spring 2006 Processes Week 2 – CS 502.

Processes 1 CS502 Spring 2006 Processes Week 2 – CS 502.
OS Spring’03 Introduction Operating Systems Spring 2003.

OS Spring’03 Introduction Operating Systems Spring 2003.
EET 4250: Chapter 1 Performance Measurement, Instruction Count & CPI Acknowledgements: Some slides and lecture notes for this course adapted from Prof.

EET 4250: Chapter 1 Performance Measurement, Instruction Count & CPI Acknowledgements: Some slides and lecture notes for this course adapted from Prof.
Computer Organization and Architecture

Computer Organization and Architecture
Lecture 1: Introduction CS170 Spring 2015 Chapter 1, the text book. T. Yang.

Lecture 1: Introduction CS170 Spring 2015 Chapter 1, the text book. T. Yang.
Operating Systems (CSCI2413) Lecture 3 Processes phones off (please)

Operating Systems (CSCI2413) Lecture 3 Processes phones off (please)
1 RAKSHA: A FLEXIBLE ARCHITECTURE FOR SOFTWARE SECURITY Computer Systems Laboratory Stanford University Hari Kannan, Michael Dalton, Christos Kozyrakis.

1 RAKSHA: A FLEXIBLE ARCHITECTURE FOR SOFTWARE SECURITY Computer Systems Laboratory Stanford University Hari Kannan, Michael Dalton, Christos Kozyrakis.
Senior Design May 12-08 AbstractDesign Alex Frisvold Alex Meyer Nazmus Sakib Eric Van Buren Our project is to develop a working emulator for an Android.

Senior Design May AbstractDesign Alex Frisvold Alex Meyer Nazmus Sakib Eric Van Buren Our project is to develop a working emulator for an Android.
OS Implementation On SOPC Final Presentation

OS Implementation On SOPC Final Presentation
Department of Electrical and Computer Engineering Kekai Hu, Harikrishnan Chandrikakutty, Deepak Unnikrishnan, Tilman Wolf, and Russell Tessier Department.

Department of Electrical and Computer Engineering Kekai Hu, Harikrishnan Chandrikakutty, Deepak Unnikrishnan, Tilman Wolf, and Russell Tessier Department.
On-Chip Control Flow Integrity Check for Real Time Embedded Systems Fardin Abdi Taghi Abad, Joel Van Der Woude, Yi Lu, Stanley Bak, Marco Caccamo, Lui.

On-Chip Control Flow Integrity Check for Real Time Embedded Systems Fardin Abdi Taghi Abad, Joel Van Der Woude, Yi Lu, Stanley Bak, Marco Caccamo, Lui.

Similar presentations

Ads by Google