The Design and Implementation of Embedded Security CPU Based on Multi-strategy

LI Dongfang; ZHAN Xin; TONG Qiaoling; ZOU Xuecheng; LIU Zhenglin

doi:10.1049/cje.2016.08.040

Volume 25 Issue 5

Turn off MathJax

Article Contents

Article Navigation > Chinese Journal of Electronics > 2016 > 25(5): 801-806

LI Dongfang, ZHAN Xin, TONG Qiaoling, et al., “The Design and Implementation of Embedded Security CPU Based on Multi-strategy,” Chinese Journal of Electronics, vol. 25, no. 5, pp. 801-806, 2016, doi: 10.1049/cje.2016.08.040

Citation:

LI Dongfang, ZHAN Xin, TONG Qiaoling, et al., “The Design and Implementation of Embedded Security CPU Based on Multi-strategy,” Chinese Journal of Electronics, vol. 25, no. 5, pp. 801-806, 2016, doi: 10.1049/cje.2016.08.040

Citation:

PDF( 1114 KB)

The Design and Implementation of Embedded Security CPU Based on Multi-strategy

doi: 10.1049/cje.2016.08.040

1.
School of Optical and Electronic Information, Huazhong University of Science and Technology, Wuhan 430074, China;
2.
Beijing Institute of Computer Technology and Application, Beijing 100854, China;
3.
Department of Electrical and Computer Engineering, Texas A & M University, Texas 77843, USA

Funds: This work is supported by the National Natural Science Foundation of China (No.61176026, No.61376026).

More Information

Corresponding author: LIU Zhenglin (corresponding author) received the Ph.D. degree from Huazhong University of Science and Technology. Currently, he is a professor at School of Optical and Electronic Information, Huazhong University of Science and Technology. His main research areas include embedded system security and VLSI design. (Email:liuzhenglin@hust.edu.cn)
Received Date: 2014-01-10
Rev Recd Date: 2016-02-01
Publish Date: 2016-09-10

Abstract

Abstract

Control flow monitoring, information flow tracking and memory monitoring are the three main solutions to enhance the security of embedded system at the hardware architecture level. However, most of the current studies about the security of embedded system consider the above solutions in separate dimensions rather than a combined effort. We start from the operation model at the instruction level, and propose a security multi-strategy which combines information flow tracking and memory monitoring by studying the security operating mechanism of embedded system. As a hardware approach this strategy extends the embedded processor architecture with additional security defense control. The experimental results show this multi-strategy is more effective and can detect more malicious attacks than a single solution. The effectiveness of our proposed security multi-strategy has been verified in a Field programmable gate array (FPGA) prototype platform based on a customized Leon3 microprocessor.
- Information flow security,
- Taint tracking,
- Memory monitor module,
- Embedded processor architecture

FullText(HTML)

References(15)

References

Y. Jin, "Embedded system security in smart consumer electronics", Proc. of the 4th International Workshop on Trustworthy Embedded Devices, pp.59-59, 2014.

S. Chen, J. Xu, N. Nakka, et al., "Defeating memory corruption attacks via pointer taintedness detection", Proc. of the International Conference on Dependable Systems and Networks (DSN), pp.378-387, 2005.

M. Ozsoy, D. Ponomarev, N.A. Ghazaleh, et al., "SIFT:Lowcomplexity energy-efficient information flow tracking on SMT processors", IEEE Transactions on Computers, Vol.63, No.2, pp.484-496, 2014.

M.Dalton, H. Kannan and C. Kozyrakis, "Raksha:A flexible information flow architecture for software security", Proc. of 34th International Symposium on Computer Architecture, pp.482-493, 2007.

N. Vachharajani, M.J. Bridges, J. Chang, et al., "RIFLE:An architectural framework for user-centric information-flow security", Proc. of 37th Annual IEEE/ACM International Symposium on Microarchitecture, pp.243-254, 2004.

V.P. Kemerlis, G. Portokalidis, K. Jee, et al., "Libdft:Practical dynamic data flow tracking for commodity systems", Proc. of 8th ACM SIGPLAN/SIGOPS Conference on Virtual Execution Environments, pp.121-132, 2012.

G. Venkataramani, I. Doudalis, Y. Solihin, et al., "FlexiTaint:A programmable accelerator for dynamic taint propagation", Proc. of ACM/IEEE Design Automation Conference, pp.173-184, 2008.

Z. Liu, X.S. Zhang and X.D. Li, "Proactive vulnerability finding via information flow tracking", Proc. of the International Conference on Multimedia Information Networking and Security, pp.481-485, 2010.

M. Dalton, H. Kannan and C. Kozyrakis, "Real-world buffer overflow protection for user and kernel space", Proc. of the International Conference on Dependable Systems and Networks (DSN), pp.395-410, 2008.

C. Cowan, C. Pu, D. Maier, et al., "Stackguard:Automatic adaptive detection and prevention of buffer-overflow attacks", Proc. of the USENIX Security Symposium, pp.63-78, 1998.

Zili Shao and Edwin Sha, "Defending embedded systems against buffer overflow via hardware/software", Proc. of the International Conference on Information Technology:Coding and Computing, pp.352-361, 2004.

D. Li, Z. Liu and Y. Zhao, "HeapDefender:A mechanism of defending embedded systems against heap overflow via hardware", Ubiquitous Intelligence and Computing and 9th International Conference on Autonomic and Trusted Computing (UIC/ATC), pp.851-856, 2012.

D. Li, Z. Lu, X. Zou, et al., "PUFKEY:A high-security and high-throughput hardware true random number generator for sensor networks", Sensors, Vol.15, No.10, pp.26251-26266, 2015.

SPARC Inc, "The SPARC Architecture Manual (Version 8)", http://www.gaisler.com, 2016-1-22.

Reouven Elbaz, David Champagne, Catherine Gebotys, et al., "Hardware mechanisms for memory authentication:A survey of existing techniques and engines", Transactions on Computational Science IV, Lecture Notes in Computer Science, Vol.5430, pp.1-22, 2009.

Relative Articles

Supplements(0)

Cited By

Proportional views