
Integrated hardware/software approaches to software security for embedded systems

Posted on: 2009-09-13 | Degree: D.Sc | Type: Thesis
University: The George Washington University | Candidate: Gelbart, Olga | Full Text: PDF
GTID: 2448390002494270 | Subject: Computer Science
Abstract/Summary:
Software security remains a daunting problem and introduces even more challenges in the context of embedded systems. Their small size and pervasive use make them vulnerable to physical attacks, which can be launched after capture by an adversary and can defeat the typical security mechanisms designed for remote network-based attacks. This thesis addresses the problem of protecting embedded software systems from physical attacks. Our research focuses on systems in which instructions and data are encrypted in memory and decrypted in the processor to minimize exposure to hardware sniffing or information leakage. However, several attacks on application code and data are still possible on such systems when the attacker has physical access to the system. Past approaches to this problem have provided hardware solutions, which require changes to the processor micro-architecture and the instruction set architecture. We propose an integrated hardware and software approach which requires no such changes. We design and combine novel techniques in the areas of compilers, architectures, and software security to provide a high level of security and user transparency. The architectural innovation stems from the use of an on-chip secure hardware component to implement our run-time security measures. For this purpose we use an on-chip Field Programmable Gate Array (FPGA), an architecture that is now commonly available on many processor chips. By implementing all our security primitives on the FPGA, we do not require any changes to the processor micro-architecture, the ISA or the memory organization. In our approach, a compiler-based software tool instruments executables and an on-chip FPGA-based hardware component provides run-time integrity and authorization checking on the executable code and application data. The use of an FPGA provides security services in a platform-independent manner and enables us to carry out application-specific compiler-driven protections.
The compiler provides user transparency by hiding security details from software developers. We provide a cycle-accurate architecture simulator infrastructure to implement our techniques and to evaluate the performance impact of our approach. The low performance penalties, for high levels of code and data security, observed in our experimental results validate our approach.
Keywords/Search Tags: Security, Software, Approach, Systems, Embedded, Hardware, Data