A Hardware Security-Monitoring Architecture Based on Data Integrity and Control Flow Integrity for Embedded Systems
As technology evolves, embedded systems access more networks and devices, which means more security threats. Existing security-monitoring methods with a single parameter (data or control flow) are not effective in detecting attackers tampering with the data or control flow of an embedded system. How...
Main Authors: | Qiang Hao, Zhun Zhang, Dongdong Xu, Jiqing Wang, Jiakang Liu, Jinlei Zhang, Jinhui Ma, Xiang Wang |
---|---|
Format: | Article |
Language: | English |
Published: | MDPI AG 2022-08-01 |
Series: | Applied Sciences |
Subjects: | embedded system; security monitoring; data integrity (DI); control flow integrity (CFI) |
Online Access: | https://www.mdpi.com/2076-3417/12/15/7750 |
_version_ | 1827618536529330176 |
---|---|
author | Qiang Hao, Zhun Zhang, Dongdong Xu, Jiqing Wang, Jiakang Liu, Jinlei Zhang, Jinhui Ma, Xiang Wang |
author_sort | Qiang Hao |
collection | DOAJ |
description | As technology evolves, embedded systems access more networks and devices, which means more security threats. Existing security-monitoring methods with a single parameter (data or control flow) are not effective in detecting attackers tampering with the data or control flow of an embedded system. However, simply overlaying multiple security methods will result in excessive performance overhead for embedded systems. In this paper, we propose a novel hardware security-monitoring architecture that extracts DI (data integrity) digests and CFI (control flow integrity) tags to generate reference information when the program is offline. To monitor the indirect jumping behavior, this paper maps the legal target addresses into the bitmap, thus saving the search time. When the program is loaded, the reference information and the bitmap are safely loaded into the on-chip memory. The hardware monitoring module designed in this paper will check the DI summary and CFI tags in real time while executing the program. The architecture proposed in this paper has been implemented on the Xilinx Virtex 5 FPGA platform. Experimental results show that, compared with existing protection methods, the proposed approach in this paper can effectively detect multiple tampering-type attacks on the data and control flow of the embedded system, with a performance overhead of about 6%. |
first_indexed | 2024-03-09T10:10:00Z |
format | Article |
id | doaj.art-f012edc6679e4aebb73632cbade20908 |
institution | Directory Open Access Journal |
issn | 2076-3417 |
language | English |
last_indexed | 2024-03-09T10:10:00Z |
publishDate | 2022-08-01 |
publisher | MDPI AG |
record_format | Article |
series | Applied Sciences |
title | A Hardware Security-Monitoring Architecture Based on Data Integrity and Control Flow Integrity for Embedded Systems |
topic | embedded system; security monitoring; data integrity (DI); control flow integrity (CFI) |
url | https://www.mdpi.com/2076-3417/12/15/7750 |