Download presentation
Presentation is loading. Please wait.
Published byBarbra Hoover Modified over 9 years ago
1
On-Chip Control Flow Integrity Check for Real Time Embedded Systems Fardin Abdi Taghi Abad, Joel Van Der Woude, Yi Lu, Stanley Bak, Marco Caccamo, Lui Sha, Renato Mancuso, Sibin Mohan 1
2
Rethinking Embedded System Security Traditional Embedded Systems Physically isolated environment Limited capability Use of specialized protocols Modern Embedded Systems More networked Increased capability Open, standard platform Sensitive/privacy information More vulnerable to security attacks Smart Grid Smart Car Smart Appliances Smart Phones 2
3
Challenges in Embedded System Security Limited Resources - Computational power, energy, cost Timing Requirement - Safety, reliability, quality of service System Upgrade - Verifiability they either require components that do not necessary exist in simple embedded system (such as trusted operating system or memory management units) Components the overheads imposed by them is not predictable enough for providing guarantees that are necessary for such systems. Predictable Overhead 3 Limitations in Existing Approaches
4
Our Solution 1.Extract the control Flow graph from executable 4 Time 2.Store the control flow graph on dedicated hardware 3.Check the run- time control flow with a dedicated hardware unit
5
Why It Works At inspection time, the dedicated core validates the execution flow. 5 Block x Block y Block z Malicious Code Block Time If malicious code gets executed, the control flow graph mutates...and detection is performed
6
Attacks 6 Overwrite the return address Overwrite a control variable Buffer Overflow Direct execution towards a libc function Return-into-libc Overwrite a function return address to chain the execution of small preexisting code fragments to produce arbitrary program behavior Return-oriented- programming Icode into a process with high privileges from a low-privileged one. Code injection
7
Architecture 7 Monitoring Module On-Chip Control Flow Monitoring Module (OCFMM) Block Info Program Counter Instruction Register Processor Isolated OCFMM Memory Block ID
8
Control Flow Example 8 main : instr_1 instr_2 lbl_2: instr_3 JEQ lbl_1 instr_4 instr_5 instr_6 JMP lbl_2 lbl_1: instr_7 instr_8 CALL func_1 instr_9 JMP lbl_2 func_1 :instr_f1 instr_f2 RET 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 block D block C block B block A block E n = 4 pc = instr_1 n = 4 pc = instr_1 A n = 4 pc = instr_4 n = 4 pc = instr_4 B n = 3 pc = instr_7 n = 3 pc = instr_7 C n = 2 pc = instr_9 n = 2 pc = instr_9 D n = 3 pc = instr_f1 n = 3 pc = instr_f1 E Yes No Yes/No For each block, we store: 1.Block ID 2.Address of first instruction 3.Number of instructions 4.Yes-Block 5.No-Block
9
Inspection Suppose that the execution is in block A 9 n = 4 pc = instr_1 n = 4 pc = instr_1 A 1. Check that PC is between instr_1 + n n = 4 pc = instr_4 n = 4 pc = instr_4 B n = 3 pc = instr_7 n = 3 pc = instr_7 C Yes No 2. If not, fetch Yes/No Blocks C & B from OCFMM memory 3. If execution is not at instr_7 nor at instr_4, raise detection flag
10
Predictable Overhead Overhead is paid in short blocks where integrity check is longer than block execution time. 10
11
Experiments Code replacement attack – one of the jump destinations is different from the expected address resulting Return address overwriting in stack – jump to a different return address 11
12
Limitations Unable to detect attacks that do not alter the CFG – Still attacking the platform is significantly harder 12 Need for ad-hoc platform – The proposed approach is hardware-based. Custom hardware needed
13
Effective and Applicable to Embedded Real-Time Systems Finite and predictable overhead Software updates in embedded/RT systems are relatively rare Hardware isolation provides guaranteed protection
14
Implementation Replacing on-chip SRAM unit of OCFMM with an external one CFG profile caching mechanism Measurements Extensive measurements on logic overhead Measurements on performance overhead with and without block information caching mechanism Expansion Distinguish between multiple tasks and monitor the control flow of each Securing the whole system by detecting and securing some critical components Future Plan 14
15
Question? 15 Thank You
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.