Bridge: A Leak-Free Hardware-Software Architecture for Parallel Embedded Systems
Pages 16 - 22
Abstract
Embedded and Internet of Things (IoT) devices are increasingly ubiquitous and process increasingly sensitive data. As a result, such devices must uphold security in addition to functional safety to avoid unintended information leaks. To respond to this change of environment, developers deploy conventional mechanisms such as memory isolation and priority scheduling to achieve these goals. While such techniques are resilient against attacks that endanger a device's functional safety, they are less effective at maintaining security, as they ignore information leaks through timing channels, such as those arising from the scheduling policy and from implicit microarchitectural state. Recent advances in timing-safe systems, in turn, limit themselves to time-shared systems without parallelism. This is problematic in the face of the responsiveness and real-time constraints that are often found in embedded devices.
This paper explores timing-safety in the space of parallel systems. We introduce Bridge, a new system architecture featuring multiple tasks with different security concerns that can execute in parallel without leaking information due to timing interference.
Published In
November 2024, 34 pages
ISBN: 9798400713019
DOI: 10.1145/3698576
Copyright © 2024 Owner/Author.
This work is licensed under a Creative Commons Attribution International 4.0 License.
Publisher
Association for Computing Machinery, New York, NY, United States
Publication History
Published: 04 November 2024
Qualifiers
- Research-article
- Research
- Refereed limited
Conference
SOSP '24: ACM SIGOPS 30th Symposium on Operating Systems Principles
November 3 - 6, 2024
Austin, TX, USA