Abstract
The rise of the Internet of Things (IoT) has dramatically increased the number of low-cost embedded devices. Once introduced into today’s connected cyber-physical world, these devices become vulnerable, especially if they offer no protection mechanisms. In this work we present a hardware/software co-designed memory protection approach that provides efficient, cheap, and effective isolation of tasks. The security extensions are implemented in a RISC-V-based MCU and a microkernel-based operating system. Our FPGA prototype shows that the hardware extensions use less than 5.5% of its area in terms of LUTs, and 24.7% in terms of FFs. They add 28% to the context switch time, while providing protection of shared on-chip peripherals and authenticated communication via shared memory.
Notes
- 1.
- 2.
- 3. Performed by Vivado Simulator 2017.3.
Acknowledgment
This work was conducted within the Lead-Project “Dependable Internet of Things in Adverse Environments”, subproject “Dependable Computing” (funded by TU Graz).
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Malenko, M., Baunach, M. (2019). Hardware/Software Co-designed Security Extensions for Embedded Devices. In: Schoeberl, M., Hochberger, C., Uhrig, S., Brehm, J., Pionteck, T. (eds) Architecture of Computing Systems – ARCS 2019. ARCS 2019. Lecture Notes in Computer Science(), vol 11479. Springer, Cham. https://doi.org/10.1007/978-3-030-18656-2_1
DOI: https://doi.org/10.1007/978-3-030-18656-2_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-18655-5
Online ISBN: 978-3-030-18656-2
eBook Packages: Computer Science (R0)