Hardware-Based Run-Time Code Integrity in Embedded Devices
Attacks on embedded devices are becoming more and more prevalent, primarily due to the extensively increasing plethora of software vulnerabilities. One of the most dangerous types of these attacks targets application code at run-time. Techniques to detect such attacks typically rely on software due...
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2018-08-01
|
| Series: | Cryptography |
| Subjects: | |
| Online Access: | http://www.mdpi.com/2410-387X/2/3/20 |
| _version_ | 1811301312783974400 |
|---|---|
| author | Taimour Wehbe Vincent Mooney David Keezer |
| author_facet | Taimour Wehbe Vincent Mooney David Keezer |
| author_sort | Taimour Wehbe |
| collection | DOAJ |
| description | Attacks on embedded devices are becoming more and more prevalent, primarily due to the extensively increasing plethora of software vulnerabilities. One of the most dangerous types of these attacks targets application code at run-time. Techniques to detect such attacks typically rely on software due to the ease of implementation and integration. However, these techniques are still vulnerable to the same attacks due to their software nature. In this work, we present a novel hardware-assisted run-time code integrity checking technique where we aim to detect if executable code resident in memory is modified at run-time by an adversary. Specifically, a hardware monitor is designed and attached to the device’s main memory system. The monitor creates page-based signatures (hashes) of the code running on the system at compile-time and stores them in a secure database. It then checks for the integrity of the code pages at run-time by regenerating the page-based hashes (with data segments zeroed out) and comparing them to the legitimate hashes. The goal is for any modification to the binary of a user-level or kernel-level process that is resident in memory to cause a comparison failure and lead to a kernel interrupt which allows the affected application to halt safely. |
| first_indexed | 2024-04-13T07:06:27Z |
| format | Article |
| id | doaj.art-4a9f3cc3dd754bdb9a270314c30d6d01 |
| institution | Directory Open Access Journal |
| issn | 2410-387X |
| language | English |
| last_indexed | 2024-04-13T07:06:27Z |
| publishDate | 2018-08-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Cryptography |
| spelling | doaj.art-4a9f3cc3dd754bdb9a270314c30d6d012022-12-22T02:56:58ZengMDPI AGCryptography2410-387X2018-08-01232010.3390/cryptography2030020cryptography2030020Hardware-Based Run-Time Code Integrity in Embedded DevicesTaimour Wehbe0Vincent Mooney1David Keezer2School of Electrical and Computer Engineering, Georgia Institute of Technology, Atlanta, GA 30332, USASchool of Electrical and Computer Engineering, Georgia Institute of Technology, Atlanta, GA 30332, USASchool of Electrical and Computer Engineering, Georgia Institute of Technology, Atlanta, GA 30332, USAAttacks on embedded devices are becoming more and more prevalent, primarily due to the extensively increasing plethora of software vulnerabilities. One of the most dangerous types of these attacks targets application code at run-time. Techniques to detect such attacks typically rely on software due to the ease of implementation and integration. However, these techniques are still vulnerable to the same attacks due to their software nature. In this work, we present a novel hardware-assisted run-time code integrity checking technique where we aim to detect if executable code resident in memory is modified at run-time by an adversary. Specifically, a hardware monitor is designed and attached to the device’s main memory system. The monitor creates page-based signatures (hashes) of the code running on the system at compile-time and stores them in a secure database. It then checks for the integrity of the code pages at run-time by regenerating the page-based hashes (with data segments zeroed out) and comparing them to the legitimate hashes. The goal is for any modification to the binary of a user-level or kernel-level process that is resident in memory to cause a comparison failure and lead to a kernel interrupt which allows the affected application to halt safely.http://www.mdpi.com/2410-387X/2/3/20embedded systems securityhardware-based malware detectionrun-time monitoringcode modificationsecurity threatsField Programmable Gate Arrays (FPGA) |
| spellingShingle | Taimour Wehbe Vincent Mooney David Keezer Hardware-Based Run-Time Code Integrity in Embedded Devices Cryptography embedded systems security hardware-based malware detection run-time monitoring code modification security threats Field Programmable Gate Arrays (FPGA) |
| title | Hardware-Based Run-Time Code Integrity in Embedded Devices |
| title_full | Hardware-Based Run-Time Code Integrity in Embedded Devices |
| title_fullStr | Hardware-Based Run-Time Code Integrity in Embedded Devices |
| title_full_unstemmed | Hardware-Based Run-Time Code Integrity in Embedded Devices |
| title_short | Hardware-Based Run-Time Code Integrity in Embedded Devices |
| title_sort | hardware based run time code integrity in embedded devices |
| topic | embedded systems security hardware-based malware detection run-time monitoring code modification security threats Field Programmable Gate Arrays (FPGA) |
| url | http://www.mdpi.com/2410-387X/2/3/20 |
| work_keys_str_mv | AT taimourwehbe hardwarebasedruntimecodeintegrityinembeddeddevices AT vincentmooney hardwarebasedruntimecodeintegrityinembeddeddevices AT davidkeezer hardwarebasedruntimecodeintegrityinembeddeddevices |