A Lightweight Monitoring Service for Multi-core Embedded Systems

Shimada, Hiromasa; Courbot, Alexandre; Kinebuchi, Yuki; Nakajima, Tatsuo

doi:10.1109/isorc.2010.12

Cited by 9 publications

(5 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We use an integrity checker running in xv6 that can check the system call table of the embedded Linux and the hide task rootkit that uses the DKOM mechanism to infect the Linux kernel [25]. This integrity checker occupies less than 8 Kbytes memory space and is stored in the RAM file system.…”

Section: B Evaluationmentioning

confidence: 99%

Local-Memory-Based Integrity Checking for Embedded Systems

Nakajima

2013

2013 IEEE 16th International Conference on Computational Science and Engineering

Self Cite

View full text Add to dashboard Cite

The Limited Local Memory (LLM) machine architecture is proposed to improve the security on a multi-core processor with a small trusted computing base (TCB). It uses one privileged core's local memory for executing detection tools to monitor the state of a target OS running on other cores, depending on isolation of the privileged core to ensure the reliability of the detection tools. It has some characteristics fitting embedded systems, such as causing little overhead, a small TCB and requiring minimal modification on the target OS. However, in current research, the LLM architecture was only emulated in QEMU, a virtual machine monitor, and assumed a limited and somehow big space of the local memory that may rarely be equipped on embedded processors.In this paper, we apply this method to a real embedded platform with a LLM-similar hardware configuration, but equipped with a much smaller local memory. Firstly, we propose design details to apply our system to a local memory with such a small size. Then we evaluate the influence that this method would cause to the detection tools and present some hardware recommendations to make the LLM architecture more applicable on real processors. Our research can illustrate the efficiency of the LLM architecture and generalize the application of it for embedded systems by reducing the size requirement on the local memory.

show abstract

Section: B Evaluationmentioning

confidence: 99%

Local-Memory-Based Integrity Checking for Embedded Systems

Nakajima

2013

2013 IEEE 16th International Conference on Computational Science and Engineering

Self Cite

View full text Add to dashboard Cite

show abstract

“…Since we focus on applying our architecture to embedded systems, maybe real-time systems, it is better to use a monitoring service with the passive pattern to reduce the overhead of the guest OS. We choose a passive monitoring service that can check the entries of the Linux system call table and detect the hide task rootkit that uses the DKOM (Direct Kernel Object Manipulation) mechanism to infect the kernel data [21].…”

Section: Implementation Environmentmentioning

confidence: 99%

An Extensible Secure OS Architecture for Embedded Systems

Kinebuchi

Shimada

et al. 2013

Journal of Information Processing

Self Cite

View full text Add to dashboard Cite

Some recent researches have shown that using a monitoring service outside the target system above hypervisors is an efficient way to protect the target system. The hypervisors isolate the monitoring service based on MMU-methods to improve security. However, The MMU-method may cause heavy overhead when there is no hardware support, which makes this method not viable for embedded processors that are rarely equipped with hardware virtualization extensions. In addition, the vulnerabilities that exist in hypervisors may compromise the isolation. In this paper, we propose a secure OS architecture that fits embedded systems without the dependency of a hypervisor. It provides a robust isolation between the monitoring service and the guest OS based on local memory, a hardware feature. In order to generalize this architecture, we adopt a secure pager to extend the local memory space (physically small) virtually by a swap mechanism with integrity checking of the monitoring service. The secure pager can also update the monitoring service to extend monitoring functions without disturbing the running of the guest OS. Comprehensive evaluations are made in our framework with one instance of embedded Linux as the guest OS and an isolated monitoring service running with the secure pager. The results demonstrate functions of the secure pager and influence of the secure pager on Linux in our system. On processors with a proper architecture, we can build an extensible secure OS architecture with reasonable resource consumption, without the issue of heavy overhead to the guest OS.

show abstract

“…Conversely, for GPOS, we offer an additional detection program, a monitoring service [17], to detect abnormal SMP Linux activities. As in some Linux rootkits that try to insert a kernel module to change the execution of important system calls or modify the system call table, GPOS intrusions could also take control of SPUMONE's interrupt manipulation or other operations.…”

Section: Additional System Protection By Auxiliary Subsystemmentioning

confidence: 99%

Robust Lightweight Embedded Virtualization Layer Design with Simple Hardware Assistance

Lin

Kinebuchi

Nakajima

2012

IEICE Trans. Inf. & Syst.

Self Cite

View full text Add to dashboard Cite

SUMMARYIn this paper, we propose a virtualization architecture for a multi-core embedded system to provide more system reliability and security while maintaining performance and without introducing additional special hardware supports or implementing a complex protection mechanism in the virtualization layer. Embedded systems, especially consumer electronics, have often used virtualization. Virtualization is not a new technique, as there are various uses for both GPOS (General Purpose Operating System) and RTOS (Real Time Operating System). The surge of the multicore platforms in embedded systems also helps consolidate the virtualization system for better performance and lower power consumption. Embedded virtualization design usually uses two approaches. The first is to use the traditional VMM, but it is too complicated for use in the embedded environment without additional special hardware support. The other approach uses the microkernel, which imposes a modular design. The guest systems, however, would suffer from considerable modifications in this approach, as the microkernel allows guest systems to run in the user space. For some RTOSes and their applications originally running in the kernel space, this second approach is more difficult to use because those codes use many privileged instructions. To achieve better reliability and keep the virtualization layer design lightweight, this work uses a common hardware component adopted in multi-core embedded processors. In most embedded platforms, vendors provide additional on-chip local memory for each physical core, and these local memory areas are only private to their cores. By taking advantage of this memory architecture, we can mitigate the above-mentioned problems at once. We choose to re-map the virtualization layer's program on the local memory, called SPUMONE, which runs all guest systems in the kernel space. Doing so, it can provide additional reliability and security for the entire system because the SPUMONE design in a multi-core platform has each instance installed on a separate processor core. This design differs from traditional virtualization layer design, and the content of each SPUMONE is inaccessible to the others. We also achieve this goal without adding overhead to the overall performance.

show abstract

A Lightweight Monitoring Service for Multi-core Embedded Systems

Cited by 9 publications

References 8 publications

Local-Memory-Based Integrity Checking for Embedded Systems

Local-Memory-Based Integrity Checking for Embedded Systems

An Extensible Secure OS Architecture for Embedded Systems

Robust Lightweight Embedded Virtualization Layer Design with Simple Hardware Assistance

Contact Info

Product

Resources

About