Security is a growing concern in processor-based systems and hence requires immediate attention. New paradigms in the design of MPSoCs must be found, with security as one of the primary objectives. Software attacks such as code injection attacks exploit vulnerabilities in "trusted" code. Previous countermeasures addressing code injection attacks in MPSoCs have significant performance overheads and do not check every single line of code. The work described in this paper has a reduced performance overhead and ensures that every line of the program code is checked. We propose an MPSoC system in which one processor (which we call the MONITOR processor) is responsible for supervising all other application processors. Our design flow, LOCS, instruments and profiles the execution of basic blocks in the program. LOCS subsequently uses the profiler output to re-instrument the source files to minimize runtime overheads. LOCS also aids in the design of the hardware customizations required by the MONITOR. At runtime, the MONITOR checks the validity of the control flow transitions and the execution time of basic blocks. We implemented our system on a commercial extensible processor, Xtensa LX2, and tested it on three multimedia benchmarks. The experiments show that our system has a worst-case performance degradation of about 24% and an area overhead of approximately 40%. LOCS has smaller performance, area and code size overheads than all previous code injection countermeasures for MPSoCs.
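The two runtime checks named in the abstract (valid control flow transition, basic block execution time) can be sketched in software as follows. This is an added example, not code from the paper or from LOCS: the table layout, the function names `monitor_report` and `monitor_replay`, the block ids and the cycle windows are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed CFG: block ids, edges and cycle windows are assumed values. */
enum { MAX_SUCC = 2, ENTRY_BLOCK = 0, NUM_BLOCKS = 4 };
typedef struct {
    uint32_t min_cycles, max_cycles; /* profiled execution-time window */
    int succ[MAX_SUCC];              /* allowed successors, -1 = unused */
} bb_info;
static const bb_info cfg[NUM_BLOCKS] = {
    { 10, 20, {  1,  2 } },  /* B0: entry, branches to B1 or B2 */
    { 30, 45, {  3, -1 } },  /* B1 */
    {  5,  8, {  3, -1 } },  /* B2 */
    { 12, 15, { -1, -1 } },  /* B3: exit */
};
typedef enum { MON_OK, MON_BAD_BLOCK, MON_BAD_EDGE, MON_BAD_TIME } verdict;

/* One report from an application processor: block `id` ran for `cycles`.
   `*cur` is the last accepted block, -1 before the first report. */
verdict monitor_report(int *cur, int id, uint32_t cycles)
{
    if (id < 0 || id >= NUM_BLOCKS) return MON_BAD_BLOCK;
    int edge_ok = (*cur < 0) ? (id == ENTRY_BLOCK) : 0;
    for (int i = 0; *cur >= 0 && i < MAX_SUCC; i++)
        if (cfg[*cur].succ[i] == id) edge_ok = 1;
    if (!edge_ok) return MON_BAD_EDGE;   /* transition not in the CFG */
    if (cycles < cfg[id].min_cycles || cycles > cfg[id].max_cycles)
        return MON_BAD_TIME;             /* block ran too short or too long */
    *cur = id;
    return MON_OK;
}

/* Replay a whole trace; returns the first failing verdict, or MON_OK. */
verdict monitor_replay(const int *ids, const uint32_t *cycles, int n)
{
    int cur = -1;
    for (int i = 0; i < n; i++) {
        verdict v = monitor_report(&cur, ids[i], cycles[i]);
        if (v != MON_OK) return v;
    }
    return MON_OK;
}

/* Constructed traces: a clean run, an edge missing from the CFG, and a
   block that runs far longer than its profiled window. */
const int      good_ids[] = { 0, 1, 3 },    skip_ids[] = { 0, 3 },   slow_ids[] = { 0, 2, 3 };
const uint32_t good_cyc[] = { 15, 40, 13 }, skip_cyc[] = { 15, 13 }, slow_cyc[] = { 15, 60, 13 };

int main(void)
{
    printf("good=%d skip=%d slow=%d\n", monitor_replay(good_ids, good_cyc, 3),
           monitor_replay(skip_ids, skip_cyc, 2), monitor_replay(slow_ids, slow_cyc, 3));
    return 0;
}
```

The timing window is what catches extra instructions executed inside a block whose entry and exit transitions still look legitimate, which a transition check alone would accept.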