Design of a tailor-made memory protection unit for low power microcontrollers

Stecklina, Oliver; Langendoerfer, Peter; Menzel, Hannes

doi:10.1109/sies.2013.6601495

Cited by 7 publications

(8 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In low power microcontroller, the overall application memory layout is simple and quite static [33]. On the other hand, static memory allocation is not a prerequisite of our protection system, which is able to comply with forms of dynamic memory allocation as well.…”

Section: Discussionmentioning

confidence: 99%

“…In [33], it is assumed that in a low power microcontroller the overall application memory layout is simple and quite static, suggesting a trade-off between hardware cost and usability to fix the maximum number of individual software activities. A protection scheme is proposed that takes advantage of a memory protection unit implementing a segmented view of the address space.…”

Section: Ad-hoc Hardware For Memory Protectionmentioning

confidence: 99%

See 1 more Smart Citation

Memory protection in embedded systems

Lopriore

2016

Journal of Systems Architecture

View full text Add to dashboard Cite

With reference to an embedded system featuring no support for memory management, we present a model of a protection system based on passwords. At the hardware level, our model takes advantage of a memory protection unit (MPU) interposed between the processor and the complex of the main memory and the input-output devices. The MPU supports both concepts of a protection context and a protection domain. A protection context is a set of access rights for the memory pages; a protection domain is a set of one or more protection contexts. Passwords are associated with protection domains. A process that holds a given password can take advantage of this password to activate the corresponding domain. A small set of protection primitives makes it possible to modify the composition of the domains in a strictly controlled fashion.\ud The proposed protection model is evaluated from a number of important viewpoints, which include password distribution, review and revocation, the memory requirements for storage of the information concerning protection, and the time necessary for password validation

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Ad-hoc Hardware For Memory Protectionmentioning

confidence: 99%

Memory protection in embedded systems

Lopriore

2016

Journal of Systems Architecture

View full text Add to dashboard Cite

show abstract

“…We will introduce the system in detail in Section 7. [SLM13]. The results of the Master's thesis of Hannes Menzel were taken by Erik Bergmann to provide a framework for an isolation of software activities on these class of devices.…”

Section: Publications Related To This Workmentioning

confidence: 99%

“…It is not possible to tailor the size of any of these memories to the application needs. We have already implemented the concept of an internal storage for an MSP430 MCU [Men10,SLM13]. We limited the number of segments to 128 and the size of the SAID to 4 bit.…”

Section: Internal Storagementioning

confidence: 99%

A secure isolation of software activities in tiny scale systems

Stecklina

2015

2015 IEEE International Conference on Pervasive Computing and Communication Workshops (PerCom Workshops)

Self Cite

View full text Add to dashboard Cite

With the introduction of the Internet at the end of the last century the modern society was fundamentally changed. Computer systems became an element of nearly all parts of our daily live. Due to the interconnection of these systems local borders are mostly vanished, so that information is accessible and exchangeable anywhere and at anytime. But this increased connectivity causes that physical fences are not longer an adequate protection for computer systems. Whereas the security of commodity computer systems was improved continuously and similarly with their increased connectivity, deeply embedded systems were then and now mostly protected by physical fences. But the ubiquitous availability of embedded systems in personal and commercial environments makes these systems likewise accessible and moves them strongly into the focus of security investigations. Deeply embedded systems are usually equipped with tiny scale micro controllers, which are limited in their available resources and do not feature secure mechanisms to isolate system resources. Hence, a single error in a local software component is not limited to the component itself, instead the complete system may be influenced. The lack of resource isolation makes tiny scale systems prone for accidental errors but in particular vulnerable for a broad variety of malicious software. For a safe and secure operation of computer systems it is strongly recommended that software components are isolated in such a manner that they have access only to those resources, which are assigned to them. Even though a substantial number of approaches in the context of embedded system's safety were investigated during the last fifteen years, security was mostly neglected. This thesis is focused on security aspects where malicious software wittingly tries to bypass available protection mechanisms. The thesis introduces a security platform for tiny scale systems that enforces an isolation of software components considering security aspects. Due to the limited resources of tiny scale systems the proposed solution is based on a co-design process that takes the static and predefined nature of deeply embedded systems into account and includes hardware, compile-time, and run-time partitions to reduce the number of additional run-time components, to avoid performance drawbacks, and to minimize the memory as well as the components footprint overhead. To prove the applicability of the presented platform it was applied and evaluated with two real applications.In addition, an investigation of technologies of commodity computer systems that are suitable to build secure systems is presented. The thesis analyzes their enforcement based on the features provided by the introduced security platform. The contributions of this thesis include an enforcement of a security isolation of system resources on tiny scale systems and enable the development of a broad variety of secure tiny scale system applications.

show abstract

“…Modern lightweight embedded systems have become more complex and contain different hardware components with access to a system memories. The Arm MPU and the likes [2]- [4] are optional hardware components in some cores used to protect the memory in lightweight devices. These MPUs are less complex than the MMUs and have security and safety limitations.…”

Section: Introductionmentioning

confidence: 99%

Toubkal: A Flexible and Efficient Hardware Isolation Module for Secure Lightweight Devices

Sensaoui¹,

Hély²,

Aktouf³

2019

2019 15th European Dependable Computing Conference (EDCC)

View full text Add to dashboard Cite

Toubkal is a new hardware architecture which provides secure, efficient and flexible hardware isolation. It is a modular system that offers strong separation of different hardware modules within a system. Lightweight devices use mainly a Memory Protection Unit (MPU) to protect the memory and create an isolation architecture. However, the MPU offers only a memory control access for the software running on the system. This scheme does not prevent other hardware components from accessing system memories. Toubkal aims to enhance these MPU architectures by adding a new hardware layer to create different access environments for different hardware components. Toubkal has been designed in such a way that it can easily be adapted to the system needs in terms of security, safety and performances. It does not require any change in the existing hardware modules. We present a detailed description of the architecture, then we compare and discuss run-time, area overhead as well as security limitations using different policies and options. The first experimental hardware module increases between 0.08% and 8.5% a single core Rocket Chip cells area.

show abstract

Design of a tailor-made memory protection unit for low power microcontrollers

Cited by 7 publications

References 11 publications

Memory protection in embedded systems

Memory protection in embedded systems

A secure isolation of software activities in tiny scale systems

Toubkal: A Flexible and Efficient Hardware Isolation Module for Secure Lightweight Devices

Contact Info

Product

Resources

About