UCCA: A Verified Architecture for Compartmentalization of Untrusted Code Sections in Resource-Constrained Devices
- URL: http://arxiv.org/abs/2312.02348v2
- Date: Mon, 8 Jul 2024 15:49:18 GMT
- Title: UCCA: A Verified Architecture for Compartmentalization of Untrusted Code Sections in Resource-Constrained Devices
- Authors: Liam Tyler, Ivan De Oliveira Nunes,
- Abstract summary: This paper proposes, demonstrating security, and formally verifying the implementation of UCCA: an Untrusted Code Compartment Architecture.
UCCA provides flexible hardware-enforced isolation of untrusted code sections in resource-constrained and time-critical MCUs.
Our evaluation shows that UCCA incurs little overhead and is affordable even to lowest-end MCUs, requiring significantly less overhead and assumptions than prior related work.
- Score: 5.445001663133085
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Micro-controller units (MCUs) implement the de facto interface between the physical and digital worlds. As a consequence, they appear in a variety of sensing/actuation applications, from smart personal spaces to complex industrial control systems and safety-critical medical equipment. While many of these devices perform safety- and time-critical tasks, they often lack support for security features compatible with their importance to overall system functions. This lack of architectural support leaves them vulnerable to run-time attacks that can remotely alter their intended behavior, with potentially catastrophic consequences. In particular, we note that MCU software often includes untrusted third-party libraries (some of them closed-source) that are blindly used within MCU programs, without proper isolation from the rest of the system. In turn, a single vulnerability (or intentional backdoor) in one such third-party software can often compromise the entire MCU software state. In this paper, we tackle this problem by proposing, demonstrating security, and formally verifying the implementation of UCCA: an Untrusted Code Compartment Architecture. UCCA provides flexible hardware-enforced isolation of untrusted code sections (e.g., third-party software modules) in resource-constrained and time-critical MCUs. To demonstrate UCCA's practicality, we implement an open-source version of the design on a real resource-constrained MCU: the well-known TI MSP430. Our evaluation shows that UCCA incurs little overhead and is affordable even to lowest-end MCUs, requiring significantly less overhead and assumptions than prior related work.
Related papers
- SISSA: Real-time Monitoring of Hardware Functional Safety and
Cybersecurity with In-vehicle SOME/IP Ethernet Traffic [49.549771439609046]
We propose SISSA, a SOME/IP communication traffic-based approach for modeling and analyzing in-vehicle functional safety and cyber security.
Specifically, SISSA models hardware failures with the Weibull distribution and addresses five potential attacks on SOME/IP communication.
Extensive experimental results show the effectiveness and efficiency of SISSA.
arXiv Detail & Related papers (2024-02-21T03:31:40Z) - SoK: Where's the "up"?! A Comprehensive (bottom-up) Study on the Security of Arm Cortex-M Systems [36.154629422941774]
Arm Cortex-M processors are the most widely used 32-bit microcontrollers among embedded and Internet-of-Things devices.
We analyze the hardware security limitations and issues of Cortex-M systems.
We categorize the reported bugs in Cortex-M software systems.
arXiv Detail & Related papers (2024-01-27T04:09:29Z) - A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure.
This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus.
We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
arXiv Detail & Related papers (2024-01-19T14:52:04Z) - HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs)
TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks.
We address the above with HasTEE+, a domain-specific language (cla) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
arXiv Detail & Related papers (2024-01-17T00:56:23Z) - Towards Remotely Verifiable Software Integrity in Resource-Constrained IoT Devices [18.163077388258618]
Low-cost security architectures have been proposed for remote verification of their software state via integrity proofs.
This article provides a holistic and systematic treatment of this family of architectures.
It also compares (qualitatively and quantitatively) the types of software integrity proofs, respective architectural support, and associated costs.
arXiv Detail & Related papers (2024-01-09T01:50:21Z) - Case Study: Securing MMU-less Linux Using CHERI [0.45539858539706424]
MMU-less Linux variant lacks security because it does not have protection or isolation mechanisms.
We secure the existing MMU-less Linux version of the RISC-V port using CHERI.
arXiv Detail & Related papers (2023-10-02T06:56:29Z) - SOCI^+: An Enhanced Toolkit for Secure OutsourcedComputation on Integers [50.608828039206365]
We propose SOCI+ which significantly improves the performance of SOCI.
SOCI+ employs a novel (2, 2)-threshold Paillier cryptosystem with fast encryption and decryption as its cryptographic primitive.
Compared with SOCI, our experimental evaluation shows that SOCI+ is up to 5.4 times more efficient in computation and 40% less in communication overhead.
arXiv Detail & Related papers (2023-09-27T05:19:32Z) - Poster: Control-Flow Integrity in Low-end Embedded Devices [12.193184827858326]
This work constructs an architecture that ensures integrity of software execution against run-time attacks.
It is built atop a recently proposed CASU -- a low-cost active Root-of-Trust (RoT) that guarantees software immutability.
arXiv Detail & Related papers (2023-09-19T07:52:43Z) - Reliability of fault-tolerant system architectures for automated driving
systems [0.0]
Automated driving functions at high levels of autonomy operate without driver supervision.
This requires fault-tolerant approaches using domain ECUs and multicore processors operating in lockstep mode.
The work aims to design architectures with respect to CPU and sensor number, $M$oo$N$ expression, and hardware element reliability.
arXiv Detail & Related papers (2022-10-08T14:49:35Z) - Dos and Don'ts of Machine Learning in Computer Security [74.1816306998445]
Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance.
We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems.
We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
arXiv Detail & Related papers (2020-10-19T13:09:31Z) - Wireless Communications for Collaborative Federated Learning [160.82696473996566]
Internet of Things (IoT) devices may not be able to transmit their collected data to a central controller for training machine learning models.
Google's seminal FL algorithm requires all devices to be directly connected with a central controller.
This paper introduces a novel FL framework, called collaborative FL (CFL), which enables edge devices to implement FL with less reliance on a central controller.
arXiv Detail & Related papers (2020-06-03T20:00:02Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.