ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Micro embedded monitoring for security in application specific instruction-set processors
Full text PdfPdf (358 KB)
Source International Conference on Compilers, Architecture and Synthesis for Embedded Systems archive
Proceedings of the 2005 international conference on Compilers, architectures and synthesis for embedded systems table of contents
San Francisco, California, USA
SESSION: Threads table of contents
Pages: 304 - 314  
Year of Publication: 2005
ISBN:1-59593-149-X
Authors
Roshan G. Ragel  The University of New South Wales (UNSW) and National ICT Australia, Sydney, Australia
Sri Parameswaran  The University of New South Wales (UNSW) and National ICT Australia, Sydney, Australia
Sayed Mohammad Kia  Abbaspour University, Tehran, Iran (visiting UNSW, Sydney)
Sponsors
ACM: Association for Computing Machinery
SIGBED: ACM Special Interest Group on Embedded Systems
SIGMICRO: ACM Special Interest Group on Microarchitectural Research and Processing
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 2,   Downloads (12 Months): 63,   Citation Count: 3
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1086297.1086337
What is a DOI?

ABSTRACT

This paper presents a methodology for monitoring security in Application Specific Instruction-set Processors (ASIPs). This is a generalized methodology for inline monitoring insecure operations in machine instructions at microinstruction level. Microinstructions are embedded into the critical machine instructions forming self checking instructions. We name this method Micro Embedded Monitoring. Since ASIPs are designed exclusively for a particular application domain, the Instruction Set Architecture (ISA) of an ASIP is based on the application executed. Knowledge of the domain gives an insight into the kinds of the security threats which need to be considered. The fact that the ISA design is based on the application makes room to accommodate security monitoring support during the design phase by embedding microinstructions into the critical machine instructions. Since the microinstructions are the lowest possible software level architecture, we could expect to get better performance by implementing security detection using microinstruction routines. Four different embedded security monitoring routines are implemented for evaluation. The average performance penalty with these monitoring routines with ten different benchmarks is 1.93% while the average area and power overheads are 5.26% and 3.07% respectively.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Arm Reference Manual, Advanced RISC Machines Ltd. 2000.
 
2
ASIP Meister Tutorial, PEAS PROJECT. 2003.
 
3
ASIP Meister User Manual, PEAS PROJECT. 2003.
 
4
ASIP Meister, Available at http://www.eda-meister.org/asip-meister.
 
5
The GCC Team, GNU/GCC Compiler, Free Software Foundation.
 
6
An Introduction to Thumb Advanced RISC Machines Ltd. 1995.
 
7
Merriam-Webster's Online Dictionary, 10th Edition, Available at http://www.m-w.com.
 
8
Perl Programming Language, Available at http://www.perl.org.
 
9
The SANS Institute, The SANS/FBI Twenty Most Critical Internet Security Vulnerabilities. 2004.
 
10
Alomary, A., T. Nakata, and Y. Honma, PEAS- I: A Hardware/Software Co-design System for ASIPs. IEEE International Test Conference, 1993: p. 2--7.
 
11
Baratloo, A., N. Singh, and T. Tsai, Transparent Run-Time Defense Against Stack Smashing Attacks. 2000.
 
12
Boneh, D., R.A. DeMillo, and R.J. Lipton, On the Importance of Checking Cryptographic Protocols for Faults. Lecture Notes in Computer Science, 1997 p. 37--51.
 
13
Deckard, J., Defeating Overflow Attacks The SANS Institute 2004.
 
14
Joan G. Dyer , Mark Lindemann , Ronald Perez , Reiner Sailer , Leendert van Doorn , Sean W. Smith , Steve Weingart, Building the IBM 4758 Secure Coprocessor, Computer, v.34 n.10, p.57-66, October 2001  [doi>10.1109/2.955100]
 
15
Catherine H. Gebotys, Low Energy Security Optimization in Embedded Cryptographic Systems, Proceedings of the International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS'04), p.224-229, September 08-10, 2004  [doi>10.1109/CODES+ISSS.2004.38]
 
16
Tilman Glokler , Heinrich Meyr, Design of Energy-Efficient Application-Specific Instruction Set Processors, Kluwer Academic Publishers, Norwell, MA, 2004
 
17
Guthaus, M.R., et al., Mibench: A free, commercially representative embedded benchmark suite. In IEEE 4th Annual Workshop on Workload Characterization, Austin, TX, 2001: p. 83--94.
 
18
Hess, E., et al., Information Leakage Attacks Agaist Smart Card Implementations of Cryptographic Algorithms and Countermeasures. 2000. p. 55--64.
 
19
Joglekar, S.P. and S.R. Tate, ProtoMon: Embedded Monitors for Cryptographic Protocol Intrusion Detection and Prevention. 2004, IEEE Computer Society.
 
20
Kc, G.S., A.D. Keromytis, and V. Prevelakis, Countering code-injection attacks with instruction-set randomization. 2003, ACM Press. p. 272--280.
 
21
Kelsey, J., et al., Side Channel Cryptanalysis of Product Ciphers. 1998. p. 97--110.
 
22
Kmmerling, O. and M.G. Kuhn, Design Principles for Tamper-Resistant Smartcard Processors. 1999. p. 9--20.
 
23
Kocher, P., et al., Security as a New Dimension in Embedded System Design. 2004.
 
24
Lee, R., et al., Enlisting Hardware Architecture to Thwart Malicious Code Injection. 2003, Springer Verlag LNCS.
 
25
A. Mahmood , E. J. McCluskey, Concurrent Error Detection Using Watchdog Processors-A Survey, IEEE Transactions on Computers, v.37 n.2, p.160-174, February 1988  [doi>10.1109/12.2145]
 
26
Peter Marwedel , Catherine Gebotys, Secure and Safety-Critical vs. Insecure, Non Safety-Critical Embedded Systems: Do They Require Completely Different Design Approaches?, Proceedings of the International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS'04), p.72-73, September 08-10, 2004  [doi>10.1109/CODES+ISSS.2004.52]
 
27
McGregor, J., et al., A Processor Architecture Defense against Buffer Overflow Attacks. 2003, Springer Verlag. p. 237--252.
 
28
Muresan, R. and C.H. Gebotys, Current flattening in software and hardware for security applications. 2004, ACM Press. p. 218--223.
 
29
Nakka, N., et al., An Architectural Framework for Providing Reliability and Security Support. 2004, IEEE Computer Society.
 
30
Quisquater, J.J. and D. Samyde, Side Channel Cryptanalysis. 2002. p. 179--184.
 
31
Ragel, R.G. and S. Parameswaran, Soft Error Detection and Recovery in Application Specific Instruction-set Processors. 2005.
 
32
Srivaths Ravi , Anand Raghunathan , Srimat Chakradhar, Tamper Resistance Mechanisms for Secure, Embedded Systems, Proceedings of the 17th International Conference on VLSI Design, p.605, January 05-09, 2004
33
Srivaths Ravi , Anand Raghunathan , Paul Kocher , Sunil Hattangady, Security in embedded systems: Design challenges, ACM Transactions on Embedded Computing Systems (TECS), v.3 n.3, p.461-491, August 2004  [doi>10.1145/1015047.1015049]
 
34
Reinhardt, S.K. and S.S. Mukherjee, Transient fault detection via simultaneous multithreading. 2000, ACM Press. p. 25--36.
 
35
Richarte, G., Four different tricks to bypass StackShield and StackGuard protection. 2002.
 
36
Fred B. Schneider , J. Gregory Morrisett , Robert Harper, A Language-Based Approach to Security, Informatics - 10 Years Back. 10 Years Ahead., p.86-101, January 2001
 
37
Shao, Z., et al., Security Protection and Checking in Embedded System Integration Against Buffer Overflow Attacks. 2004, IEEE Computer Society.
 
38
Shao, Z., et al., Defending Embedded Systems Against Buffer Overflow via Hardware/Software. 2003, IEEE Computer Society. p. 352.
39
Marleen Sint, MIDL - a microinstruction description language, Proceedings of the 14th annual workshop on Microprogramming, p.95-106, December 01-01, 1981, Chatham, Massachusetts, United States
 
40
Sean W. Smith , Steve Weingart, Building a high-performance, programmable secure coprocessor, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.31 n.9, p.831-860, April 23, 1999
 
41
Suh, G., et al., AEGIS: Architecture for tamper-evident and tamper-resistant processing. 2003.
 
42
Suh, G., et al., Hardware mechanisms for memory integrity checking. 2002.
 
43
Wagner, D., et al., A First Step towards Automated Detection of Buffer Overrun Vulnerabilities. 2000: San Diego, CA. p. 3--17.
 
44
Wolfgang Rankl , W. Rankl , W. Effing , Wolfgang Effing , Kenneth Cox, Smart Card Handbook, John Wiley & Sons, Inc., New York, NY, 2000
 
45
Kent D. Wilken , Timothy Kong, Concurrent Detection of Software and Hardware Data-Access Faults, IEEE Transactions on Computers, v.46 n.4, p.412-424, April 1997  [doi>10.1109/12.588046]
 
46
Xu, J., Intrusion Prevention Using Control Data Randomization, in Suppl. of IEEE International Conf. on Dependable Systems and Networks (DSN), San Francesco, CA 2003.
 
47
Xu, J., Z. Kalbarczyk, and R.K. Iyer, Transparent Runtime Randomization for Security. 2003, IEEE Computer Society.
 
48
Xu, J., et al., Architecture support for defending against buffer overflow attacks. 2002.
 
49
Xu, J. et al., An Architectural Framework for Providing Security and Dependability Support, 2004.
 
50
Vetteth, A., Hardware Implementation of Reconfigurable Modules for Reliability and Security Engine, Master's Thesis, University of Illinois at Urbana Champaign, May 2005.
 
51
H. Eveking, Superscalar DLX Documentation, http://www.rs.e-technik.tu-darmstadt.de/TUD/res/dlxdocu/DlxPdf.zip.
52
Joseph A. Fisher, Customized instruction-sets for embedded processors, Proceedings of the 36th ACM/IEEE conference on Design automation, p.253-257, June 21-25, 1999, New Orleans, Louisiana, United States  [doi>10.1145/309847.309923]
 
53
Joseph A. Fisher , Paolo Faraboschi , Giuseppe Desoli, Custom-fit processors: letting applications define architectures, Proceedings of the 29th annual ACM/IEEE international symposium on Microarchitecture, p.324-335, December 02-04, 1996, Paris, France

CITED BY  3
Divya Arora , Anand Raghunathan , Srivaths Ravi , Niraj K. Jha, Architectural support for safe software execution on embedded processors, Proceedings of the 4th international conference on Hardware/software codesign and system synthesis, October 22-25, 2006, Seoul, Korea
Roshan G. Ragel , Sri Parameswaran, IMPRES: integrated monitoring for processor reliability and security, Proceedings of the 43rd annual conference on Design automation, July 24-28, 2006, San Francisco, CA, USA
Yunsi Fei , Z. Jerry Shi, Microarchitectural support for program code integrity monitoring in application-specific instruction set processors, Proceedings of the conference on Design, automation and test in Europe, April 16-20, 2007, Nice, France

INDEX TERMS

Primary Classification:
  B. Hardware
  B.8 Performance and Reliability
      B.8.0 General


General Terms:
Design, Experimentation, Reliability, Security, Verification


Keywords:
application specific instruction-set processors, micro embedded monitoring, microinstructions, security monitoring, self-monitoring instructions

Collaborative Colleagues:
Roshan G. Ragel: colleagues
Sri Parameswaran: colleagues
Sayed Mohammad Kia: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player