Abstract. With the rapid development of embedded systems, the systems' security has become more and more important. Most embedded systems are at the risk of series of software attacks, such as buffer overflow attack, Trojan virus. In addition, with the rapid growth in the number of embedded systems and wide application, followed embedded hardware attacks are also increasing. This paper presents a new hardware assisted security mechanism to protect the program's code and data, monitoring its normal execution. The mechanism mainly monitors three types of information: the start/end address of the program of basic blocks; the lightweight hash value in basic blocks and address of the next basic block. These parameters are extracted through additional tools running on PC. The information will be stored in the security module. During normal program execution, the security module is designed to compare the real-time state of program with the information in the security module. If abnormal, it will trigger the appropriate security response, suspend the program and jump to the specified location. The module has been tested and validated on the SOPC with OR1200 processor. The experimental analysis shows that the proposed mechanism can defence a wide range of common software and physical attacks with low performance penalties and minimal overheads.
Embedded security monitoring module is a dedicated hardware that runs parallel with the embedded processor, which is used to monitor the integrity of the data and code to enhance program execution security of embedded system. It uses hardware-supported methods computing a hash value of instructions with the hash algorithm as an official reference value to prevent malicious attacks on the program code. This paper analyzed possible hash algorithm attacks on instructions, and did the prevention research for the most effective attack, the Rainbow table. In this paper we designed a protection mechanism by adding the interference information to each of instructions, making the attacker's burden greatly increase, so as to enhance the security of monitoring model, and to achieve protection of instruction information.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.