Hardware support for code integrity in embedded processors

Abstract

Computer security becomes increasingly important with continual growth of the number of interconnected computing platforms. Moreover, as capabilities of embedded processors increase, the applications running on these systems also grow in size and complexity, and so does the number of security vulnerabilities. Attacks that impair code integrity by injecting and executing malicious code are one of the major security issues. This problem can be addressed at different levels, from more secure software and operating systems, down to solutions that require hardware support. Most of the existing techniques tackle the problem of security flaws at the software level, but this approach lacks generality and often induces prohibitive overhead in performance and cost, or generates a significant number of false alarms. On the other hand, a further increase in the number of transistors on a single chip enables integrated hardware support for functions that formerly were restricted to the software domain. Hardware-supported defense techniques have the potential to be more general and more efficient than solely software solutions. This paper proposes four new architectural extensions to ensure complete run-time code integrity using instruction block signature verification. The experimental analysis shows that the proposed techniques have low performance and energy overhead. In addition, the proposed mechanism has low hardware complexity, and does not impose either changes to the compiler or changes to the existing instruction set architecture.

DOI: 10.1145/1086297.1086306

Extracted Key Phrases

11 Figures and Tables

Cite this paper

@inproceedings{Milenkovic2005HardwareSF, title={Hardware support for code integrity in embedded processors}, author={Milena Milenkovic and Aleksandar Milenkovic and Emil Jovanov}, booktitle={CASES}, year={2005} }