The hardware security of embedded systems is a growing concern in numerous safety-critical applications, such as automotive, aerospace, avionic, and railway systems. Embedded systems are gaining popularity in these safety-sensitive sectors because their high performance, low power, and great reliability make them ideal control platforms for instruction execution and data processing. However, modern embedded systems still expose many potential hardware vulnerabilities to malicious attacks, both software-level and hardware-level; these can cause program execution failure and confidential data leakage. For this reason, this paper presents a novel embedded system that integrates a hardware-assisted security monitoring unit (SMU) to achieve a reinforced system-on-chip (SoC) that ensures the security of program execution and data processing. This architecture design was implemented and evaluated on a Xilinx Virtex-5 FPGA development board. Based on the evaluation of the SMU hardware implementation in terms of performance overhead, security capability, and resource consumption, the experimental results indicate that the SMU does not significantly slow the processor while it executes different benchmarks, and its average performance overhead drops to 2.18% with typical 8-KB I/D-caches. The security capability evaluation confirms the monitoring effectiveness of the SMU against both instruction and data tampering attacks. Meanwhile, the SoC strikes a good balance between high security and resource overhead.
Embedded systems are increasingly applied in numerous security-sensitive applications, such as industrial controls, railway transport, intelligent vehicles, avionics and aerospace. However, embedded systems can be compromised when executing untrusted programs, where the instructions could be maliciously tampered with to cause unintended behaviors or program execution failures. Particularly for remote-controlled embedded systems, program execution monitoring and instruction fault self-repair are important to avoid unintended behaviors and execution interruptions. Therefore, this paper presents a hardware-enhanced embedded system with the integration of a Security Processing Unit (SPU) in which integrity signature checking and checkpoint-rollback mechanisms are coupled to achieve real-time program execution monitoring and instruction fault self-repair. This System-on-Chip (SoC) design was implemented and validated on the Xilinx Virtex-5 FPGA development platform. Based on the evaluation of the SPU in terms of performance overhead, security capability, and resource consumption, the experimental results show that, while the CPU executes different benchmarks, the average performance overhead of the SPU drops to 1.92% with typical 8-KB I/D caches, and it provides both program monitoring and fault self-repair capabilities. Unlike conventional hardware detection technologies that require manual handling to recover program execution, the CPU–SPU collaborative SoC is a resilient architecture equipped with instruction tampering detection and a post-detection strategy of instruction fault self-repair. Moreover, the embedded system strikes a good balance between high security and resource consumption.
As technology evolves, embedded systems access more networks and devices, which means more security threats. Existing security-monitoring methods that use a single parameter (data or control flow) are not effective in detecting attackers tampering with the data or control flow of an embedded system. However, simply overlaying multiple security methods will result in excessive performance overhead for embedded systems. In this paper, we propose a novel hardware security-monitoring architecture that extracts DI (data integrity) digests and CFI (control flow integrity) tags to generate reference information while the program is offline. To monitor indirect jumps, this paper maps the legal target addresses into a bitmap, which saves search time. When the program is loaded, the reference information and the bitmap are safely loaded into the on-chip memory. The hardware monitoring module designed in this paper checks the DI digests and CFI tags in real time while the program executes. The architecture proposed in this paper has been implemented on the Xilinx Virtex 5 FPGA platform. Experimental results show that, compared with existing protection methods, the proposed approach can effectively detect multiple tampering-type attacks on the data and control flow of the embedded system, with a performance overhead of about 6%.
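The bitmap lookup for indirect-jump targets described in the abstract above can be sketched in software as follows. This is an added example, not code from the paper: the code region bounds, the one-bit-per-4-byte-instruction granularity, the function names and the sample addresses are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed code region; one bit per 4-byte instruction slot (assumption). */
#define CODE_BASE 0x00010000u
#define CODE_SIZE 0x00001000u
#define SLOTS     (CODE_SIZE / 4u)

static uint32_t target_bitmap[SLOTS / 32u];   /* 1024 bits = 128 bytes of on-chip memory */

/* Translate an address to its slot index; -1 if outside the region or misaligned. */
static long slot_of(uint32_t addr)
{
    if (addr < CODE_BASE || addr - CODE_BASE >= CODE_SIZE || (addr & 3u))
        return -1;
    return (long)((addr - CODE_BASE) >> 2);
}

/* Offline step: build the bitmap from the list of legal indirect-jump targets. */
int bitmap_build(const uint32_t *legal, size_t n)
{
    memset(target_bitmap, 0, sizeof target_bitmap);
    for (size_t i = 0; i < n; i++) {
        long s = slot_of(legal[i]);
        if (s < 0)
            return -1;                        /* reject a malformed reference list */
        target_bitmap[s >> 5] |= 1u << (s & 31);
    }
    return 0;
}

/* Runtime check: one index computation and one bit test, no list search. */
int bitmap_is_legal(uint32_t addr)
{
    long s = slot_of(addr);
    return s >= 0 && ((target_bitmap[s >> 5] >> (s & 31)) & 1u);
}

/* Return the index of the first illegal target in an observed trace, or -1 if none. */
long monitor_trace(const uint32_t *seen, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (!bitmap_is_legal(seen[i]))
            return (long)i;
    return -1;
}

const uint32_t sample_legal[] = {0x00010000u, 0x00010040u, 0x00010ffcu}; /* constructed */
const uint32_t sample_trace[] = {0x00010040u, 0x00010000u, 0x00010044u, 0x00010ffcu};
```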