DOI: 10.1145/3123939.3123955 · ACM Conference Proceedings (MICRO) · research-article

Software-based gate-level information flow security for IoT systems

Published: 14 October 2017

Abstract

The growing movement to connect literally everything to the internet (internet of things or IoT) through ultra-low-power embedded microprocessors poses a critical challenge for information security. Gate-level tracking of information flows has been proposed to guarantee information flow security in computer systems. However, such solutions rely on non-commodity, secure-by-design processors. In this work, we observe that the need for secure-by-design processors arises because previous works on gate-level information flow tracking assume no knowledge of the application running in a system. Since IoT systems typically run a single application over and over for the lifetime of the system, we see a unique opportunity to provide application-specific gate-level information flow security for IoT systems. We develop a gate-level symbolic analysis framework that uses knowledge of the application running in a system to efficiently identify all possible information flow security vulnerabilities for the system. We leverage this information to provide security guarantees on commodity processors. We also show that security vulnerabilities identified by our analysis framework can be eliminated through software modifications at 15% energy overhead, on average, obviating the need for secure-by-design hardware. Our framework also allows us to identify and eliminate only the vulnerabilities that an application is prone to, reducing the cost of information flow security by 3.3× compared to a software-based approach that assumes no application knowledge.
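The abstract contrasts application-agnostic gate-level tracking with the application-specific analysis the paper proposes. The following added example (written for this page, not the authors' framework) shows the core mechanics on a toy 1-bit multiplexer: each gate carries GLIFT-style shadow logic (the "from the gates up" rules, under which a tainted input only taints the output when it can actually influence the output given the other input's value), and a flow check that explores only the input values a given firmware can drive. Where the paper uses symbolic simulation, this example simply enumerates concrete values, which is enough for a 1-bit netlist; the wire names `sel`, `secret`, `public` and the circuit itself are constructed.

```python
# Added example (not from the paper): GLIFT-style gate-level information flow
# tracking over a tiny netlist, plus an application-aware flow check that only
# explores the input values the application can actually drive.
from itertools import product

# Netlist entries: (gate, output_wire, input_a, input_b). Constructed toy circuit,
# a 1-bit mux  out = secret if sel else public  built from primitive gates:
#   sel_n = NOT sel ; t1 = AND(sel, secret) ; t2 = AND(sel_n, public) ; out = OR(t1, t2)
MUX_NETLIST = [
    ("NOT", "sel_n", "sel", None),
    ("AND", "t1", "sel", "secret"),
    ("AND", "t2", "sel_n", "public"),
    ("OR", "out", "t1", "t2"),
]


def glift_gate(gate, a, b, a_t, b_t):
    """Return (value, taint) for one gate using GLIFT shadow-logic rules:
    an input's taint propagates only if that input can influence the output
    given the other input's concrete value (e.g. AND with an untainted 0
    masks a tainted input, so the output is untainted)."""
    if gate == "NOT":
        return 1 - a, a_t
    if gate == "AND":
        return a & b, (a_t & b_t) | (a_t & b) | (b_t & a)
    if gate == "OR":
        return a | b, (a_t & b_t) | (a_t & (1 - b)) | (b_t & (1 - a))
    if gate == "XOR":
        return a ^ b, a_t | b_t  # either input always influences XOR output
    raise ValueError(f"unknown gate {gate}")


def simulate(netlist, values, taints):
    """Evaluate a netlist given in topological order, tracking a 1-bit taint
    label per wire. Wires absent from `taints` are treated as untainted."""
    v, t = dict(values), dict(taints)
    for gate, out, a, b in netlist:
        av, at = v[a], t.get(a, 0)
        bv, bt = (v[b], t.get(b, 0)) if b is not None else (0, 0)
        v[out], t[out] = glift_gate(gate, av, bv, at, bt)
    return v, t


def leaking_inputs(netlist, input_domains, tainted_inputs, observed_wire):
    """Enumerate every input assignment the application can drive
    (`input_domains` maps wire -> set of allowed values) and return the
    assignments under which a tainted (secret) input reaches `observed_wire`.
    An empty result means no such flow is possible for that application."""
    names = list(input_domains)
    leaks = []
    for combo in product(*(sorted(input_domains[n]) for n in names)):
        values = dict(zip(names, combo))
        taints = {n: (1 if n in tainted_inputs else 0) for n in names}
        _, t = simulate(netlist, values, taints)
        if t[observed_wire]:
            leaks.append(values)
    return leaks


# Application-agnostic analysis: every input may take any value, so the
# analysis must report the flow that exists whenever sel == 1.
AGNOSTIC = {"sel": {0, 1}, "secret": {0, 1}, "public": {0, 1}}
# Application-specific analysis (constructed): this firmware never drives
# sel high, so the same hardware has no secret -> out flow for this application.
APP_SPECIFIC = {"sel": {0}, "secret": {0, 1}, "public": {0, 1}}

if __name__ == "__main__":
    for label, dom in (("agnostic", AGNOSTIC), ("app-specific", APP_SPECIFIC)):
        leaks = leaking_inputs(MUX_NETLIST, dom, {"secret"}, "out")
        print(f"{label}: {len(leaks)} leaking input assignment(s)", leaks)
```

The application-agnostic run reports the four assignments with `sel == 1` as leaking, while the application-specific run reports none: that gap is exactly the set of vulnerabilities a software fix would not need to address for this firmware, which is the saving the abstract quantifies.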

Published In

MICRO-50 '17: Proceedings of the 50th Annual IEEE/ACM International Symposium on Microarchitecture
October 2017, 850 pages
ISBN: 9781450349529
DOI: 10.1145/3123939

Publisher

Association for Computing Machinery, New York, NY, United States


Author Tags

  1. hardware-software co-analysis
  2. information flow
  3. internet of things
  4. security
  5. ultra-low-power processors

Qualifiers

  • Research-article

Conference

MICRO-50

Acceptance Rates

Overall Acceptance Rate 484 of 2,242 submissions, 22%

Article Metrics

  • Downloads (Last 12 months)16
  • Downloads (Last 6 weeks)0
Reflects downloads up to 03 Mar 2025

Cited By

  • (2023) SEIF: Augmented Symbolic Execution for Information Flow in Hardware Designs. Proceedings of the 12th International Workshop on Hardware and Architectural Support for Security and Privacy, pp. 1-9. DOI: 10.1145/3623652.3623666. Online publication date: 29 Oct 2023.
  • (2022) When Tiny Goes Big. GetMobile: Mobile Computing and Communications 25(3), pp. 12-17. DOI: 10.1145/3511285.3511289. Online publication date: 7 Jan 2022.
  • (2022) Protecting adaptive sampling from information leakage on low-power sensors. Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, pp. 240-254. DOI: 10.1145/3503222.3507775. Online publication date: 28 Feb 2022.
  • (2022) A scalable symbolic simulation tool for low power embedded systems. Proceedings of the 59th ACM/IEEE Design Automation Conference, pp. 175-180. DOI: 10.1145/3489517.3530433. Online publication date: 10 Jul 2022.
  • (2021) A Semantic Framework for Direct Information Flows in Hybrid-Dynamic Systems. Proceedings of the 7th ACM on Cyber-Physical System Security Workshop, pp. 5-15. DOI: 10.1145/3457339.3457981. Online publication date: 24 May 2021.
  • (2021) Hardware Information Flow Tracking. ACM Computing Surveys 54(4), pp. 1-39. DOI: 10.1145/3447867. Online publication date: 3 May 2021.
  • (2019) Bouncer. Proceedings of the 46th International Symposium on Computer Architecture, pp. 711-722. DOI: 10.1145/3307650.3322256. Online publication date: 22 Jun 2019.
  • (2019) Context-Sensitive Fencing. Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems, pp. 395-410. DOI: 10.1145/3297858.3304060. Online publication date: 4 Apr 2019.
  • (2018) End-to-end automated exploit generation for validating the security of processor designs. Proceedings of the 51st Annual IEEE/ACM International Symposium on Microarchitecture, pp. 815-827. DOI: 10.1109/MICRO.2018.00071. Online publication date: 20 Oct 2018.
