
An In-depth Study of MPU-Based Isolation Techniques

Journal of Hardware and Systems Security

Abstract

Many attacks targeting constrained embedded systems have been reported and published. Attackers try to exploit vulnerabilities at every layer of abstraction. A single vulnerability can be enough to take over the whole device and change its intended behavior. Hardware/software isolation architectures implemented in embedded devices provide access control mechanisms to establish a protected execution environment and guarantee the behavior of the running applications. They enforce boundaries that stop a malicious flaw from propagating from one application to others, especially critical ones. They represent a form of resilience to different exploits. This paper provides a detailed study of existing memory protection unit-based isolation architectures for lightweight devices and defines four important criteria to evaluate and compare architectures from both academia and industry. The outcomes of this work will help developers and hardware designers find a balance between performance and security.



Author information


Correspondence to Abderrahmane Sensaoui.


Cite this article

Sensaoui, A., Aktouf, OEK., Hely, D. et al. An In-depth Study of MPU-Based Isolation Techniques. J Hardw Syst Secur 3, 365–381 (2019). https://doi.org/10.1007/s41635-019-00078-6


  • DOI: https://doi.org/10.1007/s41635-019-00078-6
