Customizing Skewed Trees for Fast Memory Integrity Verification in Embedded Systems

Abstract

Memory integrity in embedded systems has been a longstanding issue in trusted system design. Existing schemes perform runtime integrity verification using memory integrity trees in order to secure untrusted external memories from malicious attacks e.g. replay, spoofing, and splicing. However, the balanced memory integrity trees used in existing approaches lead to excessive memory access overheads during runtime verification. In this paper, we proposed a framework to construct customized integrity trees based on the memory access patterns of the application. The framework relies on an offline process to analyze the frequency of data accesses and utilizes the package merge algorithm to generate a skewed memory integrity tree based on the frequency pattern. To the best of our knowledge, our work is the first to propose an automated approach for generating customized memory integrity trees. We validated the effectiveness of our approach on the Altera NIOS II processor with an external DRAM. Experimental results based on applications from widely used CHStone and SNU Real-Time benchmarks demonstrated that the proposed approach can lead to an average performance gain of 18\% compared to the case where balanced memory integrity trees is used. To provide for further performance improvement in integrity tree verification, we implemented the encryption/decryption operation using custom instructions on the NIOS II processor. This resulted in an additional 10x performance improvement for the applications considered.