Embedded system protection from software corruption

Wolff, Francis; Papachristou, C.; Weyer, Daniel; Clay, W.

doi:10.1109/ahs.2010.5546254

Cited by 5 publications

(4 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Since the normal world has rich services and interfaces which enlarge the attack surface and lacks sufficient security protection, attackers can compromise the embedded device by utilizing software and hardware vulnerabilities and obtain permission to operate the file system, including reading, writing, and modifying database files. Moreover, an attacker can even obtain a higher privilege (e.g., root permission of the rich OS) to control the execution of the application by accessing the code and data segments of the running process via memory-oriented attacks, such as memory corruption attacks (MCA) [16], [17], [18], [19]. We summarize the threats to the embedded database system in two aspects: confidentiality and integrity.…”

Section: Threat Modelmentioning

confidence: 99%

See 1 more Smart Citation

BiTDB: Constructing A Built-in TEE Secure Database for Embedded Systems

Ma,

Lu,

et al. 2024

IEEE Trans. Knowl. Data Eng.

View full text Add to dashboard Cite

In this paper, we propose BiTDB, a built-in Trusted Execution Environment (TEE) database for embedded systems, to realize higher system availability while ensuring data confidentiality. With BiTDB, dilemmas the state-of-the-art research work on secure embedded databases has to face can be significantly reduced and eliminated, including (i) complicated research and realization on searchable encryption algorithms (SEA), (ii) limited support to all database operations, and (iii) almost none of specific design and optimizations toward build-in TEE embedded databases. Through BiTDB, all database operations can process plaintext in TEE instead of retrieving on ciphertext by developing complicated SEAs. To enable BiTDB to handle database files in Rich Execution Environmen (REE) as local ones, we extend the TEE OS with generic file I/O libraries. Then, we contribute three critical optimizations to significantly reduce redundant memory and file operations between TEE and REE, and BiTDB achieve better system performance and availability in embedded systems. Finally, we have implemented the prototype system based on OP-TEE and SQLite for several typical platforms, including virtualization and hardware environments. The TPC-H test shows BiTDB can achieve 85% (on average) of the original database performance while guaranteeing data confidentiality and integrity. Our project repository is at https://github.com/CharlieMCY/BiTDB.

show abstract

Section: Threat Modelmentioning

confidence: 99%

“…However, this approach can only protect data in storage since the encrypted data needs to be restored to the plaintext before use. In this case, an attacker can easily obtain plaintext data from memory via memory-oriented attacks, such as MCAs [16], [17], [18], [19]. Figure 9-A shows such a scheme.…”

Section: Ciphertext Data Storage (Cds)mentioning

confidence: 99%

BiTDB: Constructing A Built-in TEE Secure Database for Embedded Systems

Ma,

Lu,

et al. 2024

IEEE Trans. Knowl. Data Eng.

View full text Add to dashboard Cite

show abstract

“…In the current security mechanisms hash function is used to check program and data integrity, so program and data information is threatened by security attacks [9]. In order to prevent security attacks, to improve the computational difficulty of the hash function is an effective method for prevention of rainbow table attack due to the generating process of rainbow table.…”

Section: Prevention Of Hash Attacksmentioning

confidence: 99%

Hash Attacks Prevention for Instruction Security in Embedded Monitoring System

Wang¹,

He²,

Yang³

et al. 2016

dtetr

View full text Add to dashboard Cite

Embedded security monitoring module is a dedicated hardware that runs parallel with the embedded processor, which is used to monitor the integrity of the data and code to enhance program execution security of embedded system. It uses hardware-supported methods computing a hash value of instructions with the hash algorithm as an official reference value to prevent malicious attacks on the program code. This paper analyzed possible hash algorithm attacks on instructions, and did the prevention research for the most effective attack, the Rainbow table. In this paper we designed a protection mechanism by adding the interference information to each of instructions, making the attacker's burden greatly increase, so as to enhance the security of monitoring model, and to achieve protection of instruction information.

show abstract

“…Solutions based on hardware monitors have been also proposed. Wolff et al [34] presents a vault architecture for embedded systems to prevent the insertion of software corruptions, while Arora et. al [35] proposes a systematic methodology to design application-specific hardware monitors for any given embedded program.…”

Section: Related Workmentioning

confidence: 99%

FPGA-Based Remote-Code Integrity Verification of Programs in Distributed Embedded Systems

Basile

Carlo

Scionti

2012

IEEE Trans. Syst., Man, Cybern. C

View full text Add to dashboard Cite

The explosive growth of networked embedded systems makes ubiquitous and pervasive computing a reality. However, there are still a number of new challenges to its widespread adoption that include scalability, availability, and, especially, security of software. Among the different challenges in software security, the problem of remote code integrity verification is still waiting for efficient solutions. This paper proposes the use of reconfigurable computing to build a consistent architecture for generating attestations (proofs) of code integrity for an executing program, and for delivering them to the designated verification entity. Remote dynamic update of reconfigurable devices is also exploited to increase the complexity of mounting attacks in a real-word environment. The proposed solution perfectly fits embedded devices that are nowadays commonly equipped with reconfigurable hardware components exploited for solving different computational problems.

show abstract

Embedded system protection from software corruption

Cited by 5 publications

References 20 publications

BiTDB: Constructing A Built-in TEE Secure Database for Embedded Systems

BiTDB: Constructing A Built-in TEE Secure Database for Embedded Systems

Hash Attacks Prevention for Instruction Security in Embedded Monitoring System

FPGA-Based Remote-Code Integrity Verification of Programs in Distributed Embedded Systems

Contact Info

Product

Resources

About