A compiler-hardware approach to software protection for embedded systems

Because of their rapid growth in recent years, embedded systems present a new front in vulnerability and an attractive target for attackers. Their pervasive use, including sensors and mobile devices, makes it easier for an adversary to gain physical access to facilitate both attacks and reverse engineering of the system. This paper describes a system - CODESSEAL - for software protection and evaluates its overhead. CODESSEAL aims to protect embedded systems from attackers with enough expertise and resources to capture the device and attempt to manipulate not only software, but also hardware. The protection mechanism involves both a compiler-based software tool that instruments executables and an on-chip FPGA-based hardware component that provides run-time integrity and control flow checking on the executable code. The use of reconfigurable hardware allows CODESSEAL to provide such security services as confidentiality, integrity and program-flow protection in a platform-independent manner without requiring a redesign of the processor. Similarly, the compiler instrumentation hides the security details from software developers. Software and data protection techniques are presented for our system and a performance analysis is provided using cycle accurate simulation. Our experimental results show that protecting instructions and data with a high level of security can be achieved with low performance penalty, in most cases less than 10%.     

Object-oriented simulations in mechatronics

The artificial word 'mechatronics' represents the symbiosis of 'classical' mechanical systems and 'modern' electmnics that has opened up a wide range of new possibilities. A typical application is an anti-lock braking system (ABS), a very complex combination of sensors, microprocessor-based controllers, electromagnetic actuators and mechanical as well as hydraulic components. Increasing complexity and their mostly non-linear behaviour are the major challenges in designing, implementing and testing these systems. A very promising design methodology is based on the idea of integrating real hardware via interfaces into a system simulation ('hardware-in-the-loop'). Development may start with a completely simulated model. With hardware being designed and becoming available, it is step by step incorporated into the system. This methodology significantly reduces development time since there is early feedback on the design approaches and the final solution is proved under real operating conditions. Obviously the real-time simulation of fast mechatronical systems requires tremendous computing power. Supposing one finds a way to express the simulation problem in a parallel form, a multi-transputer system could provide the necessary computing power for a relatively low price. One solution is a modelling approach that decomposes the systems hierarchically into components with a strong relationship to the physical world. Each component is described by a set of equations operating on the component's own local state. The communication of physical interface data is modelled by sending messages via connections between the components. This approach may be attributed as 'object-oriented' since computer science defines objects as independent elements maintaining their own internal state and communicating via message-passing mechanisms. Taking a close look at a transputer, it reveals a very 'object'-like architecture: local memory to maintain its own local state and links designed to pass messages between transputers. Therefore transputers are the ideal vehicle for fast real-time simulation by following the principle of object-orientation, from system modelling all the way down to simulation.     

Secure embedded system hardware design – A flexible security and trust enhanced approach

Embedded systems have found a very strong foothold in global Information Technology (IT) market since they can provide very specialized and intricate functionality to a wide range of products. On the other hand, the migration of IT functionality to a plethora of new smart devices (like mobile phones, cars, aviation, game or households machines) has enabled the collection of a considerable number of data that can be characterized sensitive. Therefore, there is a need for protecting that data through IT security means. However, eare usually dployed in hostile environments where they can be easily subject of physical attacks. In this paper, we provide an overview from ES hardware perspective of methods and mechanisms for providing strong security and trust. The various categories of physical attacks on security related embedded systems are presented along with countermeasures to thwart them and the importance of reconfigurable logic flexibility, adaptability and scalability along with trust protection mechanisms is highlighted. We adopt those mechanisms in order to propose a FPGA based embedded system hardware architecture capable of providing security and trust along with physical attack protection using trust zone separation. The benefits of such approach are discussed and a subsystem of the proposed architecture is implemented in FPGA technology as a proof of concept case study. From the performed analysis and implementation, it is concluded that flexibility, security and trust are fully realistic options for embedded system security enhancement.