Untrusted Code Compartmentalization for Bare Metal Embedded Devices

IF 2.7 3区计算机科学 Q2 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems Pub Date : 2024-11-06 DOI:10.1109/TCAD.2024.3444691

Liam Tyler;Ivan De Oliveira Nunes

{"title":"Untrusted Code Compartmentalization for Bare Metal Embedded Devices","authors":"Liam Tyler;Ivan De Oliveira Nunes","doi":"10.1109/TCAD.2024.3444691","DOIUrl":null,"url":null,"abstract":"Micro-controller units (MCUs) implement the de facto interface between the physical and digital worlds. As a consequence, they appear in a variety of sensing/actuation applications from smart personal spaces to complex industrial control systems and safety-critical medical equipment. While many of these devices perform safety- and time-critical tasks, they often lack support for security features compatible with their importance to overall system functions. This lack of architectural support leaves them vulnerable to run-time attacks that can remotely alter their intended behavior, with potentially catastrophic consequences. In particular, we note that, MCU software often includes untrusted third-party libraries (some of them closed-source) that are blindly used within MCU programs, without proper isolation from the rest of the system. In turn, a single vulnerability (or intentional backdoor) in one such third-party software can often compromise the entire MCU software state. In this article, we tackle this problem by proposing, demonstrating security, and formally verifying the implementation of UCCA: an \n<underline>U</u>\nntrusted \n<underline>C</u>\node \n<underline>C</u>\nompartment \n<underline>A</u>\nrchitecture. UCCA provides flexible hardware-enforced isolation of untrusted code sections (e.g., third-party software modules) in resource-constrained and time-critical MCUs. To demonstrate UCCA’s practicality, we implement an open-source version of the design on a real resource-constrained MCU: the well-known TI MSP430. Our evaluation shows that UCCA incurs little overhead and is affordable even to lowest-end MCUs, requiring significantly less overhead and assumptions than the prior related work.","PeriodicalId":13251,"journal":{"name":"IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems","volume":"43 11","pages":"3419-3430"},"PeriodicalIF":2.7000,"publicationDate":"2024-11-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10745829/","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

Micro-controller units (MCUs) implement the de facto interface between the physical and digital worlds. As a consequence, they appear in a variety of sensing/actuation applications from smart personal spaces to complex industrial control systems and safety-critical medical equipment. While many of these devices perform safety- and time-critical tasks, they often lack support for security features compatible with their importance to overall system functions. This lack of architectural support leaves them vulnerable to run-time attacks that can remotely alter their intended behavior, with potentially catastrophic consequences. In particular, we note that, MCU software often includes untrusted third-party libraries (some of them closed-source) that are blindly used within MCU programs, without proper isolation from the rest of the system. In turn, a single vulnerability (or intentional backdoor) in one such third-party software can often compromise the entire MCU software state. In this article, we tackle this problem by proposing, demonstrating security, and formally verifying the implementation of UCCA: an U ntrusted C ode C ompartment A rchitecture. UCCA provides flexible hardware-enforced isolation of untrusted code sections (e.g., third-party software modules) in resource-constrained and time-critical MCUs. To demonstrate UCCA’s practicality, we implement an open-source version of the design on a real resource-constrained MCU: the well-known TI MSP430. Our evaluation shows that UCCA incurs little overhead and is affordable even to lowest-end MCUs, requiring significantly less overhead and assumptions than the prior related work.

查看原文本刊更多论文

裸金属嵌入式设备的非信任代码区隔

微控制器（MCU）是物理世界和数字世界之间的实际接口。因此，它们出现在从智能个人空间到复杂工业控制系统和安全关键型医疗设备等各种传感/执行应用中。虽然许多此类设备都能执行安全和时间关键型任务，但它们往往缺乏与其对整个系统功能的重要性相匹配的安全功能支持。由于缺乏架构支持，这些设备很容易受到运行时攻击，这些攻击可以远程改变设备的预期行为，并可能造成灾难性后果。我们特别注意到，MCU 软件通常包含不受信任的第三方库（其中一些是闭源库），这些库在 MCU 程序中被盲目使用，与系统的其他部分没有适当隔离。反过来，此类第三方软件中的一个漏洞（或故意后门）往往会危及整个 MCU 软件状态。在本文中，我们通过提出 UCCA（一种不受信任的代码区架构）、演示其安全性并正式验证其实现来解决这一问题。UCCA 在资源受限、时间紧迫的 MCU 中提供灵活的硬件强制隔离不受信任的代码段（如第三方软件模块）。为了证明 UCCA 的实用性，我们在著名的 TI MSP430 这一资源受限的 MCU 上实现了该设计的开源版本。我们的评估结果表明，UCCA 产生的开销很小，即使是最低端的 MCU 也能负担得起，与之前的相关工作相比，UCCA 所需的开销和假设条件要少得多。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 工程技术-工程：电子与电气

CiteScore

5.60

自引率

13.80%

发文量

500

审稿时长

7 months

期刊介绍： The purpose of this Transactions is to publish papers of interest to individuals in the area of computer-aided design of integrated circuits and systems composed of analog, digital, mixed-signal, optical, or microwave components. The aids include methods, models, algorithms, and man-machine interfaces for system-level, physical and logical design including: planning, synthesis, partitioning, modeling, simulation, layout, verification, testing, hardware-software co-design and documentation of integrated circuit and system designs of all complexities. Design tools and techniques for evaluating and designing integrated circuits and systems for metrics such as performance, power, reliability, testability, and security are a focus.