Device Driver and System Call Isolation in Embedded Devices

Maja Malenko, M. Baunach
Published in: 2019 22nd Euromicro Conference on Digital System Design (DSD), August 2019. DOI: 10.1109/DSD.2019.00049 (https://doi.org/10.1109/DSD.2019.00049)
Citations: 2

Abstract

The number of low-end embedded devices in today's Internet of Things and Cyber-Physical Systems is increasing along with their security concerns. Memory isolation mechanisms are often absent, and programming flaws lead to malfunctioning applications, which in turn can crash the whole system. A common design approach in these devices is to have applications, operating system components, and device driver libraries reside in a single non-isolated address space, which represents one vast attack surface. Furthermore, with increasing network connectivity and frequent dynamic updates, new or modified applications and services are uploaded, opening space for even more attacks. Isolating the execution of applications in these systems is still a challenge. In this work we provide a holistic hardware/software co-designed approach for memory isolation, which prevents corruption of the state of the operating system and applications by buggy software, including device drivers, interrupt service routines, and misused system calls. We implemented low-cost architectural extensions in a RISC-V-based microcontroller which work together with kernel-based protection concepts. Our evaluation shows that applications as well as the kernel can enjoy the benefits of the proposed memory isolation with minimal impact on performance and an insignificant increase in the area of the MCU.