Article

Micro embedded monitoring for security in application specific instruction-set processors

Authors:

Roshan G. Ragel,

Sri Parameswaran,

Sayed Mohammad KiaAuthors Info & Claims

CASES '05: Proceedings of the 2005 international conference on Compilers, architectures and synthesis for embedded systems

Pages 304 - 314

https://doi.org/10.1145/1086297.1086337

Published: 24 September 2005 Publication History

Abstract

This paper presents a methodology for monitoring security in Application Specific Instruction-set Processors (ASIPs). This is a generalized methodology for inline monitoring insecure operations in machine instructions at microinstruction level. Microinstructions are embedded into the critical machine instructions forming self checking instructions. We name this method Micro Embedded Monitoring. Since ASIPs are designed exclusively for a particular application domain, the Instruction Set Architecture (ISA) of an ASIP is based on the application executed. Knowledge of the domain gives an insight into the kinds of the security threats which need to be considered. The fact that the ISA design is based on the application makes room to accommodate security monitoring support during the design phase by embedding microinstructions into the critical machine instructions. Since the microinstructions are the lowest possible software level architecture, we could expect to get better performance by implementing security detection using microinstruction routines. Four different embedded security monitoring routines are implemented for evaluation. The average performance penalty with these monitoring routines with ten different benchmarks is 1.93% while the average area and power overheads are 5.26% and 3.07% respectively.

References

[1]

Arm Reference Manual, Advanced RISC Machines Ltd. 2000.]]

[2]

ASIP Meister Tutorial, PEAS PROJECT. 2003.]]

[3]

ASIP Meister User Manual, PEAS PROJECT. 2003.]]

[4]

ASIP Meister, Available at http://www.eda-meister.org/asip-meister.]]

[5]

The GCC Team, GNU/GCC Compiler, Free Software Foundation.]]

[6]

An Introduction to Thumb Advanced RISC Machines Ltd. 1995.]]

[7]

Merriam-Webster's Online Dictionary, 10th Edition, Available at http://www.m-w.com.]]

[8]

Perl Programming Language, Available at http://www.perl.org.]]

[9]

The SANS Institute, The SANS/FBI Twenty Most Critical Internet Security Vulnerabilities. 2004.]]

[10]

Alomary, A., T. Nakata, and Y. Honma, PEAS- I: A Hardware/Software Co-design System for ASIPs. IEEE International Test Conference, 1993: p. 2--7.]]

[11]

Baratloo, A., N. Singh, and T. Tsai, Transparent Run-Time Defense Against Stack Smashing Attacks. 2000.]]

[12]

Boneh, D., R.A. DeMillo, and R.J. Lipton, On the Importance of Checking Cryptographic Protocols for Faults. Lecture Notes in Computer Science, 1997 p. 37--51.]]

[13]

Deckard, J., Defeating Overflow Attacks The SANS Institute 2004.]]

[14]

Dyer, J.G., et al., Building the IBM 4758 Secure Coprocessor. Computer, 2001. 34: p. 57--66.]]

Digital Library

[15]

Gebotys, C.H., Low energy security optimization in embedded cryptographic systems. 2004, ACM Press. p. 224--229.]]

Digital Library

[16]

Glokler, T. and H. Meyr, Design of Energy-Efficient Application-Specific Instruction Set Processors (ASIPs). First Edition ed. 2002: Kluwer Academic Publishers.]]

Digital Library

[17]

Guthaus, M.R., et al., Mibench: A free, commercially representative embedded benchmark suite. In IEEE 4th Annual Workshop on Workload Characterization, Austin, TX, 2001: p. 83--94.]]

Digital Library

[18]

Hess, E., et al., Information Leakage Attacks Agaist Smart Card Implementations of Cryptographic Algorithms and Countermeasures. 2000. p. 55--64.]]

[19]

Joglekar, S.P. and S.R. Tate, ProtoMon: Embedded Monitors for Cryptographic Protocol Intrusion Detection and Prevention. 2004, IEEE Computer Society.]]

[20]

Kc, G.S., A.D. Keromytis, and V. Prevelakis, Countering code-injection attacks with instruction-set randomization. 2003, ACM Press. p. 272--280.]]

[21]

Kelsey, J., et al., Side Channel Cryptanalysis of Product Ciphers. 1998. p. 97--110.]]

[22]

Kmmerling, O. and M.G. Kuhn, Design Principles for Tamper-Resistant Smartcard Processors. 1999. p. 9--20.]]

[23]

Kocher, P., et al., Security as a New Dimension in Embedded System Design. 2004.]]

[24]

Lee, R., et al., Enlisting Hardware Architecture to Thwart Malicious Code Injection. 2003, Springer Verlag LNCS.]]

[25]

Mahmood, A. and E.J. McCluskey, Concurrent Error Detection Using Watchdog Processors-A Survey. IEEE Trans. Computers, 1988. 37: p. 160--174.]]

Digital Library

[26]

Marwedel, P. and C. Gebotys, Secure and safety-critical vs. insecure, non safety-critical embedded systems: do they require completely different design approaches? 2004, ACM Press. p. 72--73.]]

Digital Library

[27]

McGregor, J., et al., A Processor Architecture Defense against Buffer Overflow Attacks. 2003, Springer Verlag. p. 237--252.]]

[28]

Muresan, R. and C.H. Gebotys, Current flattening in software and hardware for security applications. 2004, ACM Press. p. 218--223.]]

[29]

Nakka, N., et al., An Architectural Framework for Providing Reliability and Security Support. 2004, IEEE Computer Society.]]

[30]

Quisquater, J.J. and D. Samyde, Side Channel Cryptanalysis. 2002. p. 179--184.]]

[31]

Ragel, R.G. and S. Parameswaran, Soft Error Detection and Recovery in Application Specific Instruction-set Processors. 2005.]]

[32]

Ravi, S., A. Raghunathan, and S. Chakradhar, Tamper Resistance Mechanisms for Secure, Embedded Systems. 2004.]]

Digital Library

[33]

Ravi, S., et al., Security in embedded systems: Design challenges. Trans. on Embedded Computing Sys., 2004. 3: p. 461--491.]]

Digital Library

[34]

Reinhardt, S.K. and S.S. Mukherjee, Transient fault detection via simultaneous multithreading. 2000, ACM Press. p. 25--36.]]

[35]

Richarte, G., Four different tricks to bypass StackShield and StackGuard protection. 2002.]]

[36]

Schneider, F.B., G. Morrisett, and R. Harper, A Language-Based Approach to Security. Lecture Notes in Computer Science, 2001. 2000: p. 86--101.]]

Digital Library

[37]

Shao, Z., et al., Security Protection and Checking in Embedded System Integration Against Buffer Overflow Attacks. 2004, IEEE Computer Society.]]

[38]

Shao, Z., et al., Defending Embedded Systems Against Buffer Overflow via Hardware/Software. 2003, IEEE Computer Society. p. 352.]]

[39]

Sint, M., MIDL - a microinstruction description language. 1981, IEEE Press. p. 95--106.]]

Digital Library

[40]

Smith, S.W. and S. Weingart, Building a high-performance, programmable secure coprocessor. Comput. Networks, 1999. 31: p. 831--860.]]

Digital Library

[41]

Suh, G., et al., AEGIS: Architecture for tamper-evident and tamper-resistant processing. 2003.]]

[42]

Suh, G., et al., Hardware mechanisms for memory integrity checking. 2002.]]

[43]

Wagner, D., et al., A First Step towards Automated Detection of Buffer Overrun Vulnerabilities. 2000: San Diego, CA. p. 3--17.]]

[44]

Wiley, R. and E. Wiley, Smart Card Handbook. 2000.]]

Digital Library

[45]

Wilken, K.D. and T. Kong, Concurrent Detection of Software and Hardware Data-Access Faults. IEEE Trans. Comput., 1997. 46: p. 412--424.]]

Digital Library

[46]

Xu, J., Intrusion Prevention Using Control Data Randomization, in Suppl. of IEEE International Conf. on Dependable Systems and Networks (DSN), San Francesco, CA 2003.]]

[47]

Xu, J., Z. Kalbarczyk, and R.K. Iyer, Transparent Runtime Randomization for Security. 2003, IEEE Computer Society.]]

[48]

Xu, J., et al., Architecture support for defending against buffer overflow attacks. 2002.]]

[49]

Xu, J. et al., An Architectural Framework for Providing Security and Dependability Support, 2004.]]

[50]

Vetteth, A., Hardware Implementation of Reconfigurable Modules for Reliability and Security Engine, Master's Thesis, University of Illinois at Urbana Champaign, May 2005.]]

[51]

H. Eveking, Superscalar DLX Documentation, http://www.rs.e-technik.tu-darmstadt.de/TUD/res/dlxdocu/DlxPdf.zip.]]

[52]

Fisher, J.A., Customized Instruction-sets for Embedded Processors, in DAC'99: Proceedings of the 36th ACM/IEEE conference on Design Automation. 1999, ACM Press: Orleans, Louisiana, United States. p. 253--257.]]

Digital Library

[53]

Fisher, J. A., Faraboschi, P., and Desoli, G. Custom-Fit Processors: Letting Applications Define Architectures. International Symposium on Microarchitecture, Micro-29, Paris, France, 1996, 324--335.]]

Digital Library

Cited By

Mansour CChasaki D(2019)Adaptive security monitoring for next-generation routersEURASIP Journal on Embedded Systems10.1186/s13639-018-0087-02019:1Online publication date: 10-Jan-2019
https://doi.org/10.1186/s13639-018-0087-0
Hu KChandrikakutty HGoodman ZTessier RWolf T(2016)Dynamic Hardware Monitors for Network Processor ProtectionIEEE Transactions on Computers10.1109/TC.2015.243575065:3(860-872)Online publication date: 1-Mar-2016
https://dl.acm.org/doi/10.1109/TC.2015.2435750
Mansour CChasaki D(2016)Trust and reliability for next-generation routersMILCOM 2016 - 2016 IEEE Military Communications Conference10.1109/MILCOM.2016.7795417(740-745)Online publication date: Nov-2016
https://doi.org/10.1109/MILCOM.2016.7795417
Show More Cited By

Index Terms

Micro embedded monitoring for security in application specific instruction-set processors
1. Hardware
  1. Robustness

Recommendations

Automatic custom instruction identification for application-specific instruction set processors

The application-specific instruction set processors (ASIPs) have received more and more attention in recent years. ASIPs make trade-offs between flexibility and performance by extending the base instruction set of a general-purpose processor with custom ...
A MATLAB Vectorizing Compiler Targeting Application-Specific Instruction Set Processors
Special Section of IDEA: Integrating Dataflow, Embedded Computing, and Architecture

This article discusses a MATLAB-to-C vectorizing compiler that exploits custom instructions, for example, for Single Instruction Multiple Data (SIMD) processing and instructions for complex arithmetic present in Application-Specific Instruction Set ...
Energy-efficient instruction set synthesis for application-specific processors
ISLPED '03: Proceedings of the 2003 international symposium on Low power electronics and design

Several techniques have been proposed to enhance the energy-efficiency of ASIPs (Application-Specific Instruction set Processors). While those techniques can reduce the energy consumption with a minimal change in the instruction set (IS), they fail to ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CASES '05: Proceedings of the 2005 international conference on Compilers, architectures and synthesis for embedded systems

September 2005

326 pages

ISBN:159593149X

DOI:10.1145/1086297

General Chairs:
Thomas M. Conte
North Carolina State University
,
Paolo Faraboschi
Hewlett-Packard Laboratories
,
Program Chairs:
Bill Mangione-Smith
Quantum Intellectual Property Services
,
Walid Najjar
University of California, Riverside

Copyright © 2005 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 24 September 2005

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

CASES05

Sponsor:

CASES05: 2005 International Conference on Compilers, Architectures and Synthesis for Embedded Systems

September 24 - 27, 2005

California, San Francisco, USA

Acceptance Rates

Overall Acceptance Rate 52 of 230 submissions, 23%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

19
Total Citations
View Citations
589
Total Downloads

Downloads (Last 12 months)7
Downloads (Last 6 weeks)0

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Mansour CChasaki D(2019)Adaptive security monitoring for next-generation routersEURASIP Journal on Embedded Systems10.1186/s13639-018-0087-02019:1Online publication date: 10-Jan-2019
https://doi.org/10.1186/s13639-018-0087-0
Hu KChandrikakutty HGoodman ZTessier RWolf T(2016)Dynamic Hardware Monitors for Network Processor ProtectionIEEE Transactions on Computers10.1109/TC.2015.243575065:3(860-872)Online publication date: 1-Mar-2016
https://dl.acm.org/doi/10.1109/TC.2015.2435750
Mansour CChasaki D(2016)Trust and reliability for next-generation routersMILCOM 2016 - 2016 IEEE Military Communications Conference10.1109/MILCOM.2016.7795417(740-745)Online publication date: Nov-2016
https://doi.org/10.1109/MILCOM.2016.7795417
Kornaros GPnevmatikatos D(2013)A survey and taxonomy of on-chip monitoring of multicore systems-on-chipACM Transactions on Design Automation of Electronic Systems10.1145/2442087.244208818:2(1-38)Online publication date: 11-Apr-2013
https://dl.acm.org/doi/10.1145/2442087.2442088
Kekai Hu Chandrikakutty HTessier RWolf T(2013)Scalable hardware monitors to protect network processors from data plane attacks2013 IEEE Conference on Communications and Network Security (CNS)10.1109/CNS.2013.6682721(314-322)Online publication date: Oct-2013
https://doi.org/10.1109/CNS.2013.6682721
Huang ZHarris I(2012)Return-oriented vulnerabilities in ARM executables2012 IEEE Conference on Technologies for Homeland Security (HST)10.1109/THS.2012.6459817(1-6)Online publication date: Nov-2012
https://doi.org/10.1109/THS.2012.6459817
Krieg AGrinschgl JSteger CWeiss RGenser ABock HHaid J(2012)Characterization and handling of low-cost micro-architectural signatures in MPSoCs2012 17TH IEEE EUROPEAN TEST SYMPOSIUM (ETS)10.1109/ETS.2012.6233011(1-6)Online publication date: May-2012
https://doi.org/10.1109/ETS.2012.6233011
Krieg AGrinschgl JDruml NSteger CWeiss RBock HHaid J(2012)PROCOMONProceedings of the 2012 15th Euromicro Conference on Digital System Design10.1109/DSD.2012.106(654-660)Online publication date: 5-Sep-2012
https://dl.acm.org/doi/10.1109/DSD.2012.106
Keun Soo Yim Sidea VKalbarczyk ZDeming Chen Iyer R(2012)A fault-tolerant programmable voter for software-based N-modular redundancy2012 IEEE Aerospace Conference10.1109/AERO.2012.6187253(1-20)Online publication date: Mar-2012
https://doi.org/10.1109/AERO.2012.6187253
Wolf TTessier RPrabhu G(2011)Securing the data path of next-generation router systemsComputer Communications10.1016/j.comcom.2010.03.01934:4(598-606)Online publication date: 1-Apr-2011
https://dl.acm.org/doi/10.1016/j.comcom.2010.03.019
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten