Efficient isolation of trusted subsystems in embedded systems - Embedded.com

Many embedded systems have relatively strong security requirements because they handle confidential data or support secure electronic transactions.

A prototypical example is the payment terminal. To ensure that sensitive data such as cryptographic keys cannot leak, the security-critical parts of these systems are implemented as separate chips, and are hence physically isolated from the rest of the system.

But isolation can also be implemented in software. Higher-end computing platforms are equipped with hardware support to facilitate the implementation of virtual memory and virtual machine monitors. However, many embedded systems lack such hardware features.

In this paper, we propose a design for a generic and very lightweight hardware mechanism that can support an efficient implementation of isolation for several subsystems that share the same processor and memory space.

A prototypical application is the software implementation of cryptographic support with strong assurance on the secrecy of keys, even towards other code sharing the same processor and memory. Secure cohabitation of code from different stakeholders on the same system is also supported.

This paper proposes self-protecting modules (SPM), based on a minimal form of hardware support for memory access control.

We show how trusted subsystems can share the same processor and memory space, while still maintaining strong security properties including strong isolation guarantees between two such subsystems, and high assurance on the confidentiality of subsystem-private data. More specifically, the contributions of this paper are the following:

1. A novel memory access control model, where access to memory locations can also depend on the value of the program counter,

2. Based on this access control model, the design of self-protecting modules, essentially software modules that can provide strong security guarantees both for the data they handle as well as for how they can be invoked by other modules,

3. A proof sketch of the security of this design, and,

4. A discussion of several application examples.
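To make contribution 1 concrete, here is a small C model of a program-counter-dependent access check, added here as an illustration and not taken from the paper. The module layout (one code section with a single entry point, one private data section) and the exact policy (private data accessible only while the program counter is inside the module's own code; outside code may read module code but only enter it at the entry point; nobody may write module code) are assumptions of this example, not details stated on this page.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Assumed layout of one self-protecting module (illustrative, not the paper's exact
 * layout): a code section with one entry point and a private data section. */
typedef struct {
    uint32_t code_start, code_end; /* [code_start, code_end) holds the module's code */
    uint32_t entry;                /* the only address outside code may jump to     */
    uint32_t data_start, data_end; /* [data_start, data_end) holds private data      */
} spm_t;

typedef enum { ACC_READ, ACC_WRITE, ACC_EXEC } access_t;

static bool in_range(uint32_t a, uint32_t lo, uint32_t hi) { return a >= lo && a < hi; }

/* Does module m permit an access of kind `kind` to `addr` issued by the instruction
 * at `pc`? The decision depends on the program counter, not only on the address. */
bool spm_permits(const spm_t *m, uint32_t pc, uint32_t addr, access_t kind) {
    bool pc_in_code = in_range(pc, m->code_start, m->code_end);
    if (in_range(addr, m->data_start, m->data_end)) {
        /* private data is only accessible while executing the module's own code */
        return kind != ACC_EXEC && pc_in_code;
    }
    if (in_range(addr, m->code_start, m->code_end)) {
        if (kind == ACC_WRITE) return false;                  /* code is never rewritten  */
        if (kind == ACC_EXEC)  return pc_in_code || addr == m->entry; /* enter at entry */
        return true;                                          /* ACC_READ: code is public */
    }
    return true; /* addresses outside this module are not governed by it */
}

/* With several modules sharing one address space, an access must be permitted by
 * every module; this is what isolates two subsystems from each other. */
bool spm_permits_all(const spm_t *mods, size_t n, uint32_t pc, uint32_t addr, access_t kind) {
    for (size_t i = 0; i < n; i++)
        if (!spm_permits(&mods[i], pc, addr, kind))
            return false;
    return true;
}

/* Constructed sample layout: two modules A and B; untrusted code lives at 0x9000. */
const spm_t demo_mods[2] = {
    { 0x1000, 0x1400, 0x1000, 0x1400, 0x1500 }, /* module A */
    { 0x2000, 0x2400, 0x2000, 0x2400, 0x2500 }, /* module B */
};
```

With this layout, module A reading its own data from its own code is permitted, while A reading B's data, untrusted code writing A's data, or a jump into the middle of A's code are all refused by the check.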

To read this external content in full, download the complete paper from the author archives online.
