ABSTRACT
Many embedded systems contain resource-constrained microcontrollers in which applications, operating system components and device drivers reside within a single address space with no form of memory protection. A programming error in one application can easily corrupt the state of the operating system and of the other applications on the microcontroller. In this paper we propose a system that provides memory protection in tiny embedded processors. Our system consists of a software run-time working with minimal, low-cost architectural extensions to the processor core that prevent corruption of state by buggy applications. We restrict the memory accesses and control flow of applications to protection domains within the address space. The software run-time is built around a Memory map: a flexible and efficient data structure that records ownership and layout information for the entire address space. Memory map checks on store instructions are performed by hardware accelerators, which significantly improve the performance of our system. We preserve control-flow integrity by maintaining a Safe stack that stores return addresses in a protected memory region. Cross-domain function calls are redirected through a software-based jump table, and enhancements to the microcontroller's call and return instructions use the jump table to track the currently active domain. We have implemented our scheme on a VHDL model of the ATMEGA103 microcontroller. Our evaluations show that embedded applications can enjoy the benefits of memory protection with minimal impact on performance and a modest increase in the area of the microcontroller.
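As an added illustration (this is not the paper's code, nor the ATMEGA103 VHDL model it evaluates), the following C program models the three mechanisms the abstract names: a Memory map that records the owning domain of every block of the address space, the store check that the hardware accelerator applies against that map, a Safe stack that keeps return addresses and the caller's domain outside application-writable memory, and a jump table through which cross-domain calls switch the active domain. The block size, domain count, the rule that only the kernel domain may assign ownership or register jump-table entries, and all function names are assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed parameters for this illustration (not taken from the paper):
 * a 4 KiB data address space split into 8-byte blocks, one owner byte per
 * block, up to 16 protection domains, domain 0 reserved for the kernel. */
#define ADDR_SPACE       4096u
#define BLOCK_SIZE       8u
#define NUM_BLOCKS       (ADDR_SPACE / BLOCK_SIZE)
#define MAX_DOMAINS      16u
#define KERNEL_DOMAIN    0u
#define SAFE_STACK_DEPTH 32u
#define JUMP_TABLE_SIZE  8u

/* Memory map: owner domain of every block in the address space. */
static uint8_t mem_map[NUM_BLOCKS];
/* Currently active domain; changed only by the call/return models below. */
static uint8_t current_domain = KERNEL_DOMAIN;

/* Safe stack: return address plus caller domain. In hardware this region
 * would be owned by the kernel so application stores to it are denied. */
typedef struct { uint16_t ret_addr; uint8_t caller_domain; } safe_frame_t;
static safe_frame_t safe_stack[SAFE_STACK_DEPTH];
static size_t safe_sp;

/* Jump table: the only legal entry points into another domain. */
typedef struct { uint16_t entry_addr; uint8_t domain; } jt_entry_t;
static jt_entry_t jump_table[JUMP_TABLE_SIZE];
static size_t jump_table_len;

uint8_t get_current_domain(void) { return current_domain; }

/* Give the whole address space to the kernel and clear stack and table. */
void memmap_init(void)
{
    for (size_t i = 0; i < NUM_BLOCKS; i++) mem_map[i] = KERNEL_DOMAIN;
    current_domain = KERNEL_DOMAIN;
    safe_sp = 0;
    jump_table_len = 0;
}

/* Assign [start, start+len) to `domain`. Assumption: only the kernel may
 * change ownership; ranges must be block aligned and inside the space. */
bool memmap_set_owner(uint16_t start, uint16_t len, uint8_t domain)
{
    if (current_domain != KERNEL_DOMAIN || domain >= MAX_DOMAINS) return false;
    if (start % BLOCK_SIZE || len % BLOCK_SIZE || len == 0) return false;
    if ((uint32_t)start + len > ADDR_SPACE) return false;
    for (uint32_t a = start; a < (uint32_t)start + len; a += BLOCK_SIZE)
        mem_map[a / BLOCK_SIZE] = domain;
    return true;
}

/* The check modelled on the hardware accelerator: a store of `len` bytes at
 * `addr` by domain `dom` is allowed only if every block it touches is owned
 * by `dom`. The kernel is trusted. A store that straddles into another
 * domain's block or runs past the end of the address space is denied. */
bool check_store(uint8_t dom, uint16_t addr, size_t len)
{
    if (len == 0 || (uint32_t)addr + len > ADDR_SPACE) return false;
    if (dom == KERNEL_DOMAIN) return true;
    uint32_t first = addr / BLOCK_SIZE;
    uint32_t last  = ((uint32_t)addr + len - 1) / BLOCK_SIZE;
    for (uint32_t b = first; b <= last; b++)
        if (mem_map[b] != dom) return false;
    return true;
}

/* Register an exported function; returns its jump-table index or -1. */
int jt_register(uint16_t entry_addr, uint8_t domain)
{
    if (current_domain != KERNEL_DOMAIN || domain >= MAX_DOMAINS) return -1;
    if (jump_table_len >= JUMP_TABLE_SIZE) return -1;
    jump_table[jump_table_len].entry_addr = entry_addr;
    jump_table[jump_table_len].domain = domain;
    return (int)jump_table_len++;
}

/* Enhanced call: save return address and caller domain on the safe stack,
 * then switch to the callee's domain as recorded in the jump table. */
bool domain_call(int jt_index, uint16_t return_addr, uint16_t *target)
{
    if (jt_index < 0 || (size_t)jt_index >= jump_table_len) return false;
    if (safe_sp >= SAFE_STACK_DEPTH) return false;
    safe_stack[safe_sp].ret_addr = return_addr;
    safe_stack[safe_sp].caller_domain = current_domain;
    safe_sp++;
    current_domain = jump_table[jt_index].domain;
    if (target) *target = jump_table[jt_index].entry_addr;
    return true;
}

/* Enhanced return: the return address is taken from the safe stack, so a
 * corrupted regular stack cannot redirect control into another domain. */
bool domain_return(uint16_t *return_addr)
{
    if (safe_sp == 0) return false;  /* unmatched return: control-flow violation */
    safe_sp--;
    *return_addr = safe_stack[safe_sp].ret_addr;
    current_domain = safe_stack[safe_sp].caller_domain;
    return true;
}

int main(void)
{
    memmap_init();
    memmap_set_owner(0x100, 0x100, 1);  /* domain 1 owns 0x100..0x1FF */
    memmap_set_owner(0x200, 0x100, 2);  /* domain 2 owns 0x200..0x2FF */
    printf("dom1 store at 0x180: %s\n", check_store(1, 0x180, 2) ? "ok" : "denied");
    printf("dom1 store at 0x000: %s\n", check_store(1, 0x000, 2) ? "ok" : "denied");
    printf("dom1 store 0x1FE..0x201: %s\n", check_store(1, 0x1FE, 4) ? "ok" : "denied");
    int f = jt_register(0x0400, 2);
    uint16_t target = 0, ret = 0;
    domain_call(f, 0x0123, &target);
    printf("after call: domain %d at 0x%04x\n", (int)get_current_domain(), target);
    domain_return(&ret);
    printf("after return: domain %d to 0x%04x\n", (int)get_current_domain(), ret);
    return 0;
}
```

The straddling case is the one worth noting: a multi-byte store whose first byte is in the caller's own block but whose last byte lands in a neighbour's block is denied as a whole, which is what makes the per-block ownership check sufficient without a separate bounds check per variable.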
Index Terms
- A system for coarse grained memory protection in tiny embedded processors