Device Driver and System Call Isolation in Embedded Devices

Abstract

The number of low-end embedded devices in today's Internet of Things and Cyber-Physical Systems is increasing along with their security concerns. Memory isolation mechanisms are often absent, programming flaws lead to malfunctioning applications, which in turn can crush the whole system. A common design approach in these devices is to have applications, operating system components, and device driver libraries reside in a single non-isolated address space, which represents one vast attack surface. Furthermore, with increasing network connectivity and frequent dynamic updates, new or modified applications and services are uploaded, opening space for even more attacks. Isolating the execution of applications in these systems is still a challenge. In this work we provide a holistic hardware/software co-designed approach for memoryisolation, which prevents corruption of the state of the operating system and applications from a buggy software, including device drivers, interrupt service routines, and misused system calls. We implemented low-cost architectural extensions in a RISC-V-based microcontroller which work together with kernel-based protection concepts. Our evaluation shows that applications as well as the kernel can enjoy the benefits of the proposed memory isolation with minimal impact on performance and an insignificant increase in the area of the MCU.