Abstract
In spite of numerous protection schemes, embedded systems are still faced with the danger of being attacked, especially at run time. Some ‘trusted’ programs may be attacked and then result in unintended behaviors, such as jumping to malicious code and leakage of sensitive data. Control flow authentication is one of efficient methods to protect the security of embedded system by ensuring system run along the designed control flow path. In this paper, we propose a new control flow authentication method to further improve the efficiency. A hardware monitor on chip is designed to help authenticate most control flow edges. And the control flow edges in loops are isolated and protected by self-validation software. This software method inserts assembly code upon every basic blocks in a loop to authenticate control flow edges by computing three validation variables. This loop isolation method helps hardware monitor to protect control flow edges which are repeatedly validated in loops to reduce validation times. With this combination, both performance and fault coverage rate have improved compared to traditional methods. To evaluate the performance, we built the system based on ARM v7-A architecture and simulated it using the cycle-accurate simulator GEM5 with SPEC2006 benchmarks.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Khudia, D.S., Mahlke, S.: Low cost control flow protection using abstract control signatures. ACM Sigplan Not. 5(48), 3–12 (2016)
Aktas, E., Afram, F., Ghose, K.: Continuous, low overhead, run-time validation of program executions. In: IEEE/ACM International Symposium on Microarchitecture, pp. 229–241. IEEE Computer Society (2014)
Trusted Platform Module spec, http://www.trustedcomputinggroup.org/
Fiskiran, A.M., Lee, R.B.: Runtime execution monitoring (REM) to detect and prevent malicious code execution, pp. 452–457. IEEE Computer Society (2004)
Arora, D., et al.: Hardware-assisted run-time monitoring for secure program execution on embedded processors. IEEE Trans. Very Large Scale Integr. Syst. 14, 1295–1308 (2006). IEEE
Davi, L., Koeberl, P., Sadeghi, A.R.: Hardware-assisted fine-grained control-flow integrity: towards efficient protection of embedded systems against software exploitation. In: Design Automation Conference, pp. 1–6. IEEE (2014)
Clercq, R.D., et al.: SOFIA: software and control flow integrity architecture. In: Design, Automation & Test in Europe Conference & Exhibition, pp. 1172–1177. Elsevier (2016)
Oh, N., Shirvani, P.P., Mccluskey, E.J.: Control-flow checking by software signatures. IEEE Trans. Reliab. 51, 111–122 (2002). IEEE
Das, S., Zhang, W., Liu, Y.: A fine-grained control flow integrity approach against runtime memory attacks for embedded systems. IEEE Trans. Very Large Scale Integr. Syst., 1–15 (2016). IEEE
Binkert, N., Beckmann, B., Black, G., et al.: The gem5 simulator. ACM SIGARCH Comput. Archit. News 2(39), 1–7 (2011)
Ganesan, K., Panwar, D., John, L.K.: Generation, validation and analysis of SPEC CPU2006 simulation points based on branch, memory and TLB characteristics. In: Computer Performance Evaluation and Benchmarking, SPEC Benchmark Workshop, pp. 121–137. ACM, Austin (2009)
Acknowledgements
The work was supported in part by China Scholarship Council, in part by the Open Project of Shanghai Key Laboratory of Trustworthy Computing under Grant No. 07dz22304201402, and in part by the Natural Science Foundation of Tianjin under Grant No. 11JCZDJC15800.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Wang, Q., Guo, W., Sun, D., Wei, J. (2018). A High Efficient Control Flow Authentication Method Basing on Loop Isolation. In: Xu, W., Xiao, L., Li, J., Zhang, C., Zhu, Z. (eds) Computer Engineering and Technology. NCCET 2017. Communications in Computer and Information Science, vol 600. Springer, Singapore. https://doi.org/10.1007/978-981-10-7844-6_10
Download citation
DOI: https://doi.org/10.1007/978-981-10-7844-6_10
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-7843-9
Online ISBN: 978-981-10-7844-6
eBook Packages: Computer ScienceComputer Science (R0)
