UCCA: A Verified Architecture for Compartmentalization of Untrusted Code Sections in Resource-Constrained Devices

• URL: http://arxiv.org/abs/2312.02348v2
• Date: Mon, 8 Jul 2024 15:49:18 GMT
• Title: UCCA: A Verified Architecture for Compartmentalization of Untrusted Code Sections in Resource-Constrained Devices
• Authors: Liam Tyler, Ivan De Oliveira Nunes,
• Abstract summary: This paper proposes, demonstrating security, and formally verifying the implementation of UCCA: an Untrusted Code Compartment Architecture. UCCA provides flexible hardware-enforced isolation of untrusted code sections in resource-constrained and time-critical MCUs. Our evaluation shows that UCCA incurs little overhead and is affordable even to lowest-end MCUs, requiring significantly less overhead and assumptions than prior related work.
• Score: 5.445001663133085
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Micro-controller units (MCUs) implement the de facto interface between the physical and digital worlds. As a consequence, they appear in a variety of sensing/actuation applications, from smart personal spaces to complex industrial control systems and safety-critical medical equipment. While many of these devices perform safety- and time-critical tasks, they often lack support for security features compatible with their importance to overall system functions. This lack of architectural support leaves them vulnerable to run-time attacks that can remotely alter their intended behavior, with potentially catastrophic consequences. In particular, we note that MCU software often includes untrusted third-party libraries (some of them closed-source) that are blindly used within MCU programs, without proper isolation from the rest of the system. In turn, a single vulnerability (or intentional backdoor) in one such third-party software can often compromise the entire MCU software state. In this paper, we tackle this problem by proposing, demonstrating security, and formally verifying the implementation of UCCA: an Untrusted Code Compartment Architecture. UCCA provides flexible hardware-enforced isolation of untrusted code sections (e.g., third-party software modules) in resource-constrained and time-critical MCUs. To demonstrate UCCA's practicality, we implement an open-source version of the design on a real resource-constrained MCU: the well-known TI MSP430. Our evaluation shows that UCCA incurs little overhead and is affordable even to lowest-end MCUs, requiring significantly less overhead and assumptions than prior related work.

Related papers

• Extending Lifetime of Embedded Systems by WebAssembly-based Functional Extensions Including Drivers [46.538276603099916]
  We present Wasm-IO, a framework designed to facilitate peripheral I/O operations within WebAssembly (Wasm) containers. We detail synchronous I/O and methods for embedding platform-independent peripheral configurations within Wasm binaries.
  arXiv  Detail & Related papers  (2025-03-10T17:22:00Z)
• EILID: Execution Integrity for Low-end IoT Devices [12.193184827858326]
  EILID is a hybrid architecture that ensures software execution integrity on low-end devices. It is built atop CASU, a prevention-based (i.e., active) hybrid Root-of-Trust (RoT) that guarantees software immutability.
  arXiv  Detail & Related papers  (2025-01-16T00:31:39Z)
• Securing Legacy Communication Networks via Authenticated Cyclic Redundancy Integrity Check [98.34702864029796]
  We propose Authenticated Cyclic Redundancy Integrity Check (ACRIC) ACRIC preserves backward compatibility without requiring additional hardware and is protocol agnostic. We show that ACRIC offers robust security with minimal transmission overhead ( 1 ms)
  arXiv  Detail & Related papers  (2024-11-21T18:26:05Z)
• MILP-StuDio: MILP Instance Generation via Block Structure Decomposition [55.79888361191114]
  Mixed-integer linear programming (MILP) is one of the most popular mathematical formulations with numerous applications. We propose a novel MILP generation framework, called Block Structure Decomposition (MILP-StuDio), to generate high-quality instances by preserving the block structures.
  arXiv  Detail & Related papers  (2024-10-30T08:33:27Z)
• SpecCFA: Enhancing Control Flow Attestation/Auditing via Application-Aware Sub-Path Speculation [6.210224116507288]
  We propose SpecCFA: an approach for dynamic sub-path speculation in CFA. SpecCFA significantly lowers storage/performance costs that are critical to resource-constrained MCUs.
  arXiv  Detail & Related papers  (2024-09-27T02:39:55Z)
• The Impact of SBOM Generators on Vulnerability Assessment in Python: A Comparison and a Novel Approach [56.4040698609393]
  Software Bill of Materials (SBOM) has been promoted as a tool to increase transparency and verifiability in software composition. Current SBOM generation tools often suffer from inaccuracies in identifying components and dependencies. We propose PIP-sbom, a novel pip-inspired solution that addresses their shortcomings.
  arXiv  Detail & Related papers  (2024-09-10T10:12:37Z)
• SISSA: Real-time Monitoring of Hardware Functional Safety and Cybersecurity with In-vehicle SOME/IP Ethernet Traffic [49.549771439609046]
  We propose SISSA, a SOME/IP communication traffic-based approach for modeling and analyzing in-vehicle functional safety and cyber security. Specifically, SISSA models hardware failures with the Weibull distribution and addresses five potential attacks on SOME/IP communication. Extensive experimental results show the effectiveness and efficiency of SISSA.
  arXiv  Detail & Related papers  (2024-02-21T03:31:40Z)
• SoK: Where's the "up"?! A Comprehensive (bottom-up) Study on the Security of Arm Cortex-M Systems [36.154629422941774]
  Arm Cortex-M processors are the most widely used 32-bit microcontrollers among embedded and Internet-of-Things devices. We analyze the hardware security limitations and issues of Cortex-M systems. We categorize the reported bugs in Cortex-M software systems.
  arXiv  Detail & Related papers  (2024-01-27T04:09:29Z)
• HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
  Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs) TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks. We address the above with HasTEE+, a domain-specific language (cla) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
  arXiv  Detail & Related papers  (2024-01-17T00:56:23Z)
• Towards Remotely Verifiable Software Integrity in Resource-Constrained IoT Devices [18.163077388258618]
  Low-cost security architectures have been proposed for remote verification of their software state via integrity proofs. This article provides a holistic and systematic treatment of this family of architectures. It also compares (qualitatively and quantitatively) the types of software integrity proofs, respective architectural support, and associated costs.
  arXiv  Detail & Related papers  (2024-01-09T01:50:21Z)
• Case Study: Securing MMU-less Linux Using CHERI [0.45539858539706424]
  MMU-less Linux variant lacks security because it does not have protection or isolation mechanisms. We secure the existing MMU-less Linux version of the RISC-V port using CHERI.
  arXiv  Detail & Related papers  (2023-10-02T06:56:29Z)
• Poster: Control-Flow Integrity in Low-end Embedded Devices [12.193184827858326]
  This work constructs an architecture that ensures integrity of software execution against run-time attacks. It is built atop a recently proposed CASU -- a low-cost active Root-of-Trust (RoT) that guarantees software immutability.
  arXiv  Detail & Related papers  (2023-09-19T07:52:43Z)
• Dos and Don'ts of Machine Learning in Computer Security [74.1816306998445]
  Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance. We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems. We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
  arXiv  Detail & Related papers  (2020-10-19T13:09:31Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.