An efficient runtime instruction block verification for secure embedded systems

Issue title: Embeded Processors and Systems: Architectural Issues and Solutions for Emerging Applications

Article type: Research Article

Authors: Milenkovic, Aleksandar | Milenkovic, Milena | Jovanov, Emil

Affiliations: Electrical and Computer Engineering Department, University of Alabama in Huntsville, Huntsville, AL 35899, USA | IBM, Austin, TX 78758 USA. E-mail: milena@computer.org

Note: [] Corresponding author. A. Milenkovic, Tel.: +1 256 824 6830; Fax: +1 256 824 6803; E-mail: milenka@ece.uah.edu

Abstract: Embedded system designers face a unique set of challenges in making their systems more secure, as these systems often have stringent resource constraints or must operate in harsh or physically insecure environments. One of the security issues that have recently drawn attention is software integrity, which ensures that the programs in the system have not been changed either by an accident or an attack. In this paper we propose an efficient hardware mechanism for runtime verification of software integrity using encrypted instruction block signatures. We introduce several variations of the basic mechanism, and give details of three techniques that are most suitable for embedded systems. Performance evaluation using selected MiBench, Mediabench, and Basicrypt benchmarks indicates that the considered techniques impose a relatively small performance overhead. The best overall technique has performance overhead in the range 0–8%, when protecting 128-byte instruction blocks with 16-byte signatures. With 64-byte instruction blocks, the overhead is in the range 0–15%; the average overhead with 8~KB cache is 1%. With additional investment in a signature cache, this overhead can be almost completely eliminated.

Keywords: Computer architecture, embedded systems, secure computing, processor design, performance evaluation, security attacks, decryption

Journal: Journal of Embedded Computing, vol. 2, no. 1, pp. 57-76, 2006