DOI: 10.1145/3492321.3519573 (EuroSys conference proceedings, research article)

OPEC: operation-based security isolation for bare-metal embedded systems

Published: 28 March 2022

Abstract

Bare-metal embedded systems usually lack security isolation, so an attacker can subvert the whole system with a single vulnerability. Previous research aims to enforce both privilege isolation (running application code at the unprivileged level) and resource isolation for global variables and peripherals. However, it suffers from partition-time and execution-time over-privilege, caused by the limited number of hardware MPU regions and by an improper way of partitioning a program.
In this paper, we propose operation-based isolation for bare-metal embedded systems. An operation is a logically independent task composed of an entry function and all functions reachable from it. To solve the partition-time over-privilege issue, we use a global-variable shadowing technique to reduce the number of MPU regions needed to confine access to global variables. To mitigate the execution-time over-privilege issue, we split programs into code compartments (called operations) that contain only the functions necessary to perform a specific task, thereby removing the resources needed by unnecessary functions. We implement a prototype called OPEC, which consists of an LLVM-based compiler and a reference monitor. The compiler partitions a program and analyzes the resource dependencies of each operation. Using the hardware-supported privilege levels and the MPU, the reference monitor enforces privilege and resource isolation at runtime. Our evaluation shows that OPEC achieves the security guarantees of privilege and resource isolation with negligible runtime overhead (average 0.23%), moderate Flash overhead (average 1.79%), and acceptable SRAM overhead (average 5.35%).
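To make the abstract's definition concrete, here is an added Python sketch (not the OPEC compiler's code) that computes, for a constructed firmware call graph with hypothetical function and resource names, which functions belong to each operation and which globals and peripherals that operation needs. It also shows the over-privilege a flat, whole-program partition would grant each operation, and the kind of per-operation access check a reference monitor would enforce.

```python
# Added illustration of the OPEC abstract's "operation" notion, not the paper's code.
# An operation = an entry function plus every function reachable from it; its
# resource set = the union of the globals and peripherals those functions touch.
# The call graph, resource map and entry points below are constructed sample data.
from collections import deque

CALL_GRAPH = {  # caller -> callees (hypothetical bare-metal firmware)
    "uart_rx_isr": ["ring_push"],
    "ring_push": [],
    "sensor_task": ["adc_sample", "apply_calibration", "ring_push"],
    "adc_sample": [],
    "apply_calibration": [],
    "ota_task": ["flash_write", "verify_image"],
    "flash_write": ["verify_image"],
    "verify_image": [],
}
RESOURCES = {  # function -> globals / peripherals it accesses directly
    "uart_rx_isr": {"UART1"},
    "ring_push": {"rx_ring"},
    "adc_sample": {"ADC1"},
    "apply_calibration": {"sensor_cal"},
    "flash_write": {"FLASH_CTRL", "fw_image"},
    "verify_image": {"fw_image"},
}
ENTRIES = ["uart_rx_isr", "sensor_task", "ota_task"]  # one operation per entry


def reachable(entry):
    """All functions in the operation rooted at `entry` (BFS; tolerates cycles)."""
    seen, work = {entry}, deque([entry])
    while work:
        for callee in CALL_GRAPH.get(work.popleft(), []):
            if callee not in seen:
                seen.add(callee)
                work.append(callee)
    return seen


def operation_resources(entry):
    """Globals and peripherals the operation needs: the union over its functions."""
    return set().union(*(RESOURCES.get(f, set()) for f in reachable(entry)))


def over_privilege(entry):
    """Resources a flat whole-program partition would grant that this operation never uses."""
    everything = set().union(*(operation_resources(e) for e in ENTRIES))
    return everything - operation_resources(entry)


def allowed(entry, resource):
    """Reference-monitor style check: an operation may touch only its own resources."""
    return resource in operation_resources(entry)
```

With this sample the UART receive operation is confined to UART1 and its ring buffer, so a bug in the receive path gains no access to the flash controller or the firmware image, which only the OTA operation needs.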



    Published In

    EuroSys '22: Proceedings of the Seventeenth European Conference on Computer Systems
    March 2022, 783 pages
    ISBN: 9781450391627
    DOI: 10.1145/3492321

    Publisher

    Association for Computing Machinery, New York, NY, United States


    Author Tags

    1. hardware-assisted security
    2. memory protection unit
    3. security isolation


    Funding Sources

    • Leading Innovative and Entrepreneur Team Introduction Program of Zhejiang
    • National Natural Science Foundation of China
    • Fundamental Research Funds for the Central Universities

    Acceptance Rates

    Overall Acceptance Rate 241 of 1,308 submissions, 18%


    Cited By

    • (2024) Orbital Shield: Rethinking Satellite Security in the Commercial Off-the-Shelf Era. 2024 Security for Space Systems (3S), pp. 1-11. DOI: 10.23919/3S60530.2024.10592292. Online publication date: 27 May 2024
    • (2024) Bitmap-Based Security Monitoring for Deeply Embedded Systems. ACM Transactions on Software Engineering and Methodology 33(7), pp. 1-31. DOI: 10.1145/3672460. Online publication date: 18 Jun 2024
    • (2024) Look Before You Access: Efficient Heap Memory Safety for Embedded Systems on ARMv8-M. Proceedings of the 61st ACM/IEEE Design Automation Conference, pp. 1-6. DOI: 10.1145/3649329.3655949. Online publication date: 23 Jun 2024
    • (2022) From MMU to MPU: Adaptation of the Pip Kernel to Constrained Devices. Artificial Intelligence, Soft Computing and Applications, pp. 109-127. DOI: 10.5121/csit.2022.122309. Online publication date: 22 Dec 2022
