Embedded devices are increasingly ubiquitous and their importance is hard to overestimate. While they often support safety-critical functions (e.g., in medical devices and sensor-alarm combinations), they are usually implemented under strict cost/energy budgets, using low-end microcontroller units (MCUs) that lack sophisticated security mechanisms. Motivated by this issue, recent work developed architectures capable of generating Proofs of Execution (PoX) for the correct/expected software in potentially compromised low-end MCUs. In practice, this capability can be leveraged to provide "integrity from birth" to sensor data, by binding the sensed results/outputs to an unforgeable cryptographic proof of execution of the expected sensing process. Despite this significant progress, current PoX schemes for low-end MCUs ignore the real-time needs of many applications. In particular, security of current PoX schemes precludes any interrupts during the execution being proved. We argue that lack of asynchronous capabilities (i.e., interrupts within PoX) can obscure PoX usefulness, as several applications require processing real-time and asynchronous events. To bridge this gap, we propose, implement, and evaluate an Architecture for Secure Asynchronous Processing in PoX (ASAP). ASAP is secure under full software compromise, enables asynchronous PoX, and incurs less hardware overhead than prior work.
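To make the "integrity from birth" idea concrete, here is an added, deliberately simplified model of a PoX exchange; it is not code from the paper and does not reproduce ASAP's hardware design. The assumptions are labelled in the code: a per-device symmetric key shared with the verifier, a SHA-256 digest as the identity of the sensing code, and an execution flag that prior PoX schemes clear whenever an interrupt fires mid-run (which is the limitation the abstract describes). The MCU side returns a sensor reading plus a MAC over the challenge, the code digest, the reading and that flag; the verifier recomputes the MAC for an uninterrupted run of the expected code, so a tampered reading, a different binary, a replayed challenge or an interrupted run all fail the check.

```python
import hashlib
import hmac

# Constructed sample values (not from the paper): a per-device key that a real
# deployment would keep in hardware-protected storage, and two firmware images.
DEVICE_KEY = bytes(range(32))
SENSING_FIRMWARE = b"read_adc; filter; report"        # the expected sensing code
TAMPERED_FIRMWARE = b"read_adc; fabricate; report"    # any other code


def make_challenge(label: bytes) -> bytes:
    """Verifier-chosen fresh challenge (derived from a label here so the run is
    reproducible offline; a real verifier draws it from a CSPRNG)."""
    return hashlib.sha256(label).digest()[:16]


def code_digest(firmware: bytes) -> bytes:
    """Identity of the code whose execution is being proved."""
    return hashlib.sha256(firmware).digest()


def pox_token(key: bytes, challenge: bytes, firmware: bytes,
              output: bytes, exec_ok: bool) -> bytes:
    """MAC binding freshness (challenge), code identity, the produced output and
    the execution-integrity flag. Changing any one of them changes the token."""
    msg = challenge + code_digest(firmware) + output + bytes([1 if exec_ok else 0])
    return hmac.new(key, msg, hashlib.sha256).digest()


def mcu_sensing_run(challenge: bytes, firmware: bytes, interrupted: bool = False):
    """Simulated MCU side. The 'reading' is derived deterministically from the
    challenge so the example runs offline; a real device samples a sensor."""
    reading = hashlib.sha256(b"adc" + firmware + challenge).digest()[:2]  # 16-bit sample
    # Assumption modelling prior PoX schemes: any interrupt during the proved
    # execution clears the flag, so the resulting token will not verify.
    exec_ok = not interrupted
    return reading, pox_token(DEVICE_KEY, challenge, firmware, reading, exec_ok)


def verify_pox(challenge: bytes, output: bytes, token: bytes,
               expected_firmware: bytes = SENSING_FIRMWARE) -> bool:
    """Verifier side: only (output, token) travel over the network. Recompute the
    token for an uninterrupted run of the expected code and compare in constant time."""
    expected = pox_token(DEVICE_KEY, challenge, expected_firmware, output, True)
    return hmac.compare_digest(expected, token)


if __name__ == "__main__":
    chal = make_challenge(b"nonce-1")
    out, tok = mcu_sensing_run(chal, SENSING_FIRMWARE)
    print("honest run verifies:      ", verify_pox(chal, out, tok))
    print("tampered output verifies: ", verify_pox(chal, bytes([out[0] ^ 1, out[1]]), tok))
    out2, tok2 = mcu_sensing_run(chal, SENSING_FIRMWARE, interrupted=True)
    print("interrupted run verifies: ", verify_pox(chal, out2, tok2))
    out3, tok3 = mcu_sensing_run(chal, TAMPERED_FIRMWARE)
    print("wrong firmware verifies:  ", verify_pox(chal, out3, tok3))
```

The design point the example makes is that the reading never stands alone: it is only accepted together with a proof that the expected code ran, uninterrupted, in response to this challenge. The interrupted-run case is exactly where the abstract's concern lies, since a scheme built this way must reject every run that serviced an interrupt, regardless of whether that interrupt handler was benign.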