Securing Real-Time Microcontroller Systems through Customized Memory View Switching

C. Kim, Taegyu Kim, Hongjun Choi, Zhongshu Gu, Byoungyoung Lee, X. Zhang, Dongyan Xu
{"title":"Securing Real-Time Microcontroller Systems through Customized Memory View Switching","authors":"C. Kim, Taegyu Kim, Hongjun Choi, Zhongshu Gu, Byoungyoung Lee, X. Zhang, Dongyan Xu","doi":"10.14722/NDSS.2018.23107","DOIUrl":null,"url":null,"abstract":"Real-time microcontrollers have been widely adopted in cyber-physical systems that require both real-time and security guarantees. Unfortunately, security is sometimes traded for real-time performance in such systems. Notably, memory isolation, which is one of the most established security features in modern computer systems, is typically not available in many real-time microcontroller systems due to its negative impacts on performance and violation of real-time constraints. As such, the memory space of these systems has created an open, monolithic attack surface that attackers can target to subvert the entire systems. In this paper, we present MINION, a security architecture that intends to virtually partition the memory space and enforce memory access control of a real-time microcontroller. MINION can automatically identify the reachable memory regions of realtime processes through off-line static analysis on the system’s firmware and conduct run-time memory access control through hardware-based enforcement. Our evaluation results demonstrate that, by significantly reducing the memory space that each process can access, MINION can effectively protect a microcontroller from various attacks that were previously viable. In addition, unlike conventional memory isolation mechanisms that might incur substantial performance overhead, the lightweight design of MINION is able to maintain the real-time properties of the microcontroller.","PeriodicalId":20444,"journal":{"name":"Proceedings 2019 Network and Distributed System Security Symposium","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2018-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"90","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings 2019 Network and Distributed System Security Symposium","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.14722/NDSS.2018.23107","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 90

Abstract

Real-time microcontrollers have been widely adopted in cyber-physical systems that require both real-time and security guarantees. Unfortunately, security is sometimes traded for real-time performance in such systems. Notably, memory isolation, which is one of the most established security features in modern computer systems, is typically not available in many real-time microcontroller systems due to its negative impacts on performance and violation of real-time constraints. As such, the memory space of these systems has created an open, monolithic attack surface that attackers can target to subvert the entire systems. In this paper, we present MINION, a security architecture that intends to virtually partition the memory space and enforce memory access control of a real-time microcontroller. MINION can automatically identify the reachable memory regions of realtime processes through off-line static analysis on the system’s firmware and conduct run-time memory access control through hardware-based enforcement. Our evaluation results demonstrate that, by significantly reducing the memory space that each process can access, MINION can effectively protect a microcontroller from various attacks that were previously viable. In addition, unlike conventional memory isolation mechanisms that might incur substantial performance overhead, the lightweight design of MINION is able to maintain the real-time properties of the microcontroller.
通过自定义内存视图切换保护实时微控制器系统
实时微控制器被广泛应用于需要实时和安全保证的网络物理系统中。不幸的是,在这样的系统中,安全性有时会以实时性能为代价。值得注意的是,内存隔离是现代计算机系统中最成熟的安全特性之一,由于其对性能的负面影响和违反实时约束,在许多实时微控制器系统中通常不可用。因此,这些系统的内存空间创造了一个开放的、单一的攻击面,攻击者可以瞄准它来破坏整个系统。在本文中,我们提出了MINION,一种安全架构,旨在虚拟分区内存空间并强制实时微控制器的内存访问控制。MINION可以通过对系统固件的离线静态分析自动识别实时进程的可访问内存区域,并通过基于硬件的强制执行进行运行时内存访问控制。我们的评估结果表明,通过显著减少每个进程可以访问的内存空间,MINION可以有效地保护微控制器免受以前可行的各种攻击。此外,与可能导致大量性能开销的传统内存隔离机制不同,MINION的轻量级设计能够保持微控制器的实时特性。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信