Architectural Support for Security and Reliability in Embedded Processors by Roshan G. Ragel B.Sc.Eng. (Hons), MIEEE(USA), MIET(UK), AMIE(SL) A Dissertation Submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy August 2006 Copyright c 2006 by Roshan G. Ragel All rights reserved. No part of the material protected by this copyright notice may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying, recording or by any information storage and retrieval system, without the prior permission of the author. Author’s e-mail: [email protected] ORIGINALITY STATEMENT ‘I hereby declare that this submission is my own work and to the best of my knowledge it contains no materials previously published or written by another person, or substantial proportions of material which have been accepted for the award of any other degree or diploma at UNSW or any other educational institution, except where due acknowledgement is made in the thesis. Any contribution made to the research by others, with whom I have worked at UNSW or elsewhere, is explicitly acknowledged in the thesis. I also declare that the intellectual content of this thesis is the product of my own work, except to the extent that assistance from others in the project’s design and conception or in style, presentation and linguistic expression is acknowledged.’ Signed : (Roshan G. Ragel) Date : 31-07-2007 COPYRIGHT STATEMENT ‘I hereby grant the University of New South Wales or its agents the right to archive and to make available my thesis or dissertation in whole or part in the University libraries in all forms of media, now or here after known, subject to the provisions of the Copyright Act 1968. I retain all proprietary rights, such as patent rights. I also retain the right to use in future works (such as articles or books) all or part of this thesis or dissertation. I also authorise University Microfilms to use the 350 word abstract of my thesis in Dissertation Abstract International (this is applicable to doctoral theses only). I have either used no substantial portions of copyright material in my thesis or I have obtained permission to use copyright material; where permission has not been granted I have applied/will apply for a partial restriction of the digital copy of my thesis or dissertation.' Signed : Date : 31/07/2007 AUTHENTICITY STATEMENT ‘I certify that the Library deposit digital copy is a direct equivalent of the final officially approved version of my thesis. No emendation of content has occurred and if there are any minor variations in formatting, they are the result of the conversion to digital format.’ Signed : Date : 31/07/2007 To the memories of all my Teachers... Abstract Security and reliability in processor based systems are concerns requiring adroit solutions. Security is often compromised by code injection attacks, jeopardizing even ‘trusted soft- ware’. Reliability is of concern, where unintended code is executed in modern processors with ever smaller feature sizes and low voltage swings causing bit flips. Countermeasures by software-only approaches increase code size and therefore significantly reduce perfor- mance. Hardware assisted approaches use additional hardware monitors and thus incur considerably high hardware cost and have scalability problems. Considering reliability and security issues during the design of an embedded system has its advantages as this overcomes the limitations of existing solutions. The research work presented in this thesis combines two elements: one, defining a hard- ware software design framework for reliability and security monitoring at the granularity of micro-instructions, and two, applying this framework for real world problems. At a given time, a processor executes only a few instructions and large part of the processor is idle. Utilizing these idling hardware components by sharing them with the monitoring hardware, to perform security and reliability monitoring reduces the impact of the moni- tors on hardware cost. Using micro-instruction routines within the machine instructions, allows us to share most of the monitoring hardware. Therefore, our technique requires little hardware overhead in comparison to having additional hardware blocks outside the processor. This reduction in overhead is due to maximal sharing of hardware resources of the processor. Our framework is superior to software-only techniques as the monitoring i routines are formed with micro-instructions and therefore reduces code size and execution time overheads, since they occur in parallel with machine instructions. This dissertation makes four significant contributions to the field of security and relia- bility on embedded processor research and they are: (i) proposed a security and relia- bility framework for embedded processors that could be included into its design phase; (ii) shown that inline (machine instruction level) monitoring will detect common secu- rity attacks (four inline monitors against common attacks cost 9.21% area and 0.67% performance, as opposed to previous work where an external monitor with two monitor- ing modules costs 15% area overhead); (iii) illustrated that basic block check-summing for code integrity is much simpler and efficient than currently proposed integrity viola- tion detectors which address code injection attacks (this costs 5.03% area increase and 3.67% performance penalty with a single level control flow checking, as opposed to pre- vious work where the area overhead is 5.59%, which needed three control flow levels of integrity checking); and (iv) shown that hardware assisted control flow checking imple- mented during the design of a processor is much cheaper and effective than software only approaches (this approach costs 0.24-1.47% performance and 3.59% area overheads, as opposed to previous work that costs 53.5-99.5% performance). Acknowledgements ... ‘I can’t explain myself, I’m afraid, Sir, because I’m not myself you see’ .. — Lewis Carroll, Alice’s Adventures in Wonderland have been fortunate enough to meet and be with many wonderful people over the years, who have given me their time, companionship, friendship and professional, moral and personal helps. It is Itime to recall and acknowledge all of them at this special moment of time. First I must thank the Department of Education, Science and Training, Australia (DEST), for fund- ing my research through the Endeavour International Postgraduate Research Scholarship (EIPRS). I am also grateful to National Information and Communications Technology Australia (NICTA) and Faculty of Engineering, University of New South Wales for their additional support. Now, I would first like to thank my supervisor, Sri Parameswaran. He not only gave me the tech- nical support and supervision that a graduate student could expect from his supervisor, but he also encouraged and gave moral support without which I would never have made it this far. Seyed Mohammad Kia, of Abbaspour University has co-authored two of my papers. His companion- ability and the nature of taking everything positive have for sure made me a better researcher. I should thank him for his time, effort and everything else. Many thanks to the following academic giants for being in my PhD review panels: Aleksandar Ignja- tovic, Oliver Frank Diessel and Kevin John Elphinstone. Their comments and feedbacks have always been valuable and beneficial and have enhanced my thesis into the right direction. Ravishankar Iyer, of University of Illinois at Urbana Champaign allowed me to spend couple of months with his group at Coordinated Science Laboratory. It was a fruitful experience for me and I take this opportunity to thank him and other researchers in his group, particularly Zbigniew Kalbar- czyk, Nithin Nakka, Weining Gu, Shuo Chen and Karthik Pattabiraman. A list that, alas, has far too many names on it to mention separately is that of all researchers and colleagues at Embedded Systems Laboratory (ESL), University of New South Wales - my working place. It was pleasure, fun and stimulating of being in such an environment and I am definitely sure iii iv Acknowledgements that I am going to miss them all. All the insightful conversations we exchanged over the past couple of years had made my stay at ESL a delightful experience. Thanks go out also to my thesis examiners, for their time that they spent on reviewing my writing, their valuable feedbacks and comments and their efforts on evaluating it. I would like to thank my parents who are in Sri Lanka and brother for their unconditional love, patience and support. I definitely missed them all during my stay in Sydney to pursue my PhD. I also would like to thank all my friends (you all know who you are!) for their help, friendship, understanding and patience. Finally, I would like to extend my thanks to all the researchers around the world, who are working on computer architecture, security and reliability whose work have motivated me in many aspects. Particularly, all the reviewers and editors of my papers for their priceless efforts and feedbacks. Table of Contents List of Figures xi List of Tables xv 1 Introduction 1 1.1 About this Chapter ............................. 1 1.1.1 Objectives .............................. 1 1.1.2 Contributions ............................ 2 1.2 Embedded Systems and Security ...................... 2 1.3 Embedded Systems and Reliability ..................... 7 1.4 Organization of the Thesis ......................... 14 1.5 Summary of this chapter .......................... 15 2 Security and Reliability Issues 17 2.1 About this Chapter ............................. 17 2.1.1 Objectives .............................. 17 2.1.2 Outline ............................... 18 2.1.3 Contributions ............................ 18 2.2 Security Issues ................................ 18 2.3 Code Injection Attacks ........................... 22 2.3.1 Stack-based buffer overflows .................... 22 2.3.2 Heap-based buffer overflows .................... 26 2.3.3 Exploiting double-free vulnerability ................ 31 2.3.4 Integer errors ............................ 34 2.3.5 Exploiting format string vulnerabilities ............... 37 2.4 Reliability Issues .............................
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages303 Page
-
File Size-