The ubiquitous presence of embedded devices, coupled with their low processing power and finite energy, creates unique challenges for the security of embedded systems. Critical infrastructures that utilize embedded systems, such as Manufacturing and Energy, are only as secure as their most vulnerable embedded component. Embedded systems don't require human interaction and often run without any human feedback. Operating in such a fashion dictates the need for trustworthy execution of embedded system functions. Embedded Systems Security is an offshoot of Computer Security, but given the unique application and computing requirements of embedded systems, traditional solutions aren't able to provide relief from cyber attacks targeted at embedded devices. Software Control Flow (CF) attacks that exploit vulnerabilities such as buffer overflows modify the CF of an executing embedded binary, potentially leading to unauthorized results, allowing an attacker to obtain their objective and causing harm to the embedded system's environment. Software-based Control Flow Integrity (CFI) solutions are available for embedded processors, but they come with a run-time overhead inconducive to a real-time environment. Hardware-based CFI violation detectors have been researched and tested, but real-time low-end embedded systems continue to lack end-to-end detection, response, recovery, and tamper evidence collection mechanisms to protect against CFI violation type security attacks. Discussed are the Embedded Device Integrated Instruction Integrity and Control Flow Protection (EDI3CFP) and the Embedded Device Integrated Control Flow Protection (EDICFP), a conceptual solution and its subset implemented on a Xilinx Field Programmable Gate Array (FPGA). EDI3CFP and EDICFP augment a low-end Harvard Architecture 8-bit Alf and Vegard RISC (AVR) soft-core processor with hardware-based CFI detection, response, recovery, and tamper evidence collection mechanisms.
EDI3CFP, which is not implemented, addresses both code injection attacks and Code Reuse Attacks (CRAs), while the implemented EDICFP focuses on CRAs. A design is presented for EDI3CFP through alterations to EDICFP, discussing the additional resources required by its subsystems. Test results show that EDICFP can detect CF violations, halt the execution of the violating instruction, recover the AVR soft-core, and collect information on the attack in order to avoid present and future harm to the embedded system and its environment. Area utilization measurements and execution performance calculations are also presented and discussed for EDICFP.
- Hardware based embedded systems security
- Patrick R. DaSilva
- 0000-0003-4032-9161
- Paul J. Fortier (Advisor) - University of Massachusetts Dartmouth, Department of Electrical and Computer Engineering
- Hong Liu (Committee Member) - University of Massachusetts Dartmouth, Department of Electrical and Computer Engineering
- Benjamin Viall (Committee Member) - University of Massachusetts Dartmouth
- Honggang Wang (Committee Member) - University of Massachusetts Dartmouth, Department of Electrical and Computer Engineering
- Joseph Gabriel (Committee Member) - Naval Undersea Warfare Center
- xvi, 147 pages
- illustrations
- List of figures -- List of tables -- List of acronyms -- Chapter 1. Introduction -- Significance of topic -- Problem statement -- Solution summary -- Contributions to the field -- Chapter 2. Technical background -- Computer security to embedded systems security -- Embedded systems security challenges -- Embedded systems security makeup -- Embedded systems security incident taxonomy -- Embedded system attacks -- Hardware-based control flow integrity -- Embedded system response, recovery, and tamper evidence -- Chapter 3. System design concepts -- Threat model and assumptions -- Basic block table and system configuration settings -- Detection -- Response and recovery -- Tamper evidence collection -- Chapter 4. Hardware design and implementation -- Hardware configuration -- Detection -- Response and recovery -- Tamper evidence collection -- Chapter 5. Research results -- Testing -- Area Utilization -- Execution performance -- Chapter 6. Conclusions and future work -- References.
- Includes bibliographical references (pages 138-147).
- University of Massachusetts Dartmouth
- Doctor of Philosophy (PHD)
- Electrical Engineering
- Department of Electrical and Computer Engineering
- English
- Dissertation
- Copyright 2021 Patrick R. DaSilva
- https://doi.org/10.62791/19780
- 9914424775301301