10.1 SPECIAL DAY Hot Topic: Lightweight Security for Embedded Processors


Date: Thursday 17 March 2016
Time: 11:00 - 12:30
Location / Room: Saal 2

Chair:
Tilo Müller, Friedrich-Alexander-Universität Erlangen-Nürnberg, DE

Co-Chair:
Patrick Schaumont, Virginia Tech, US

Past research has shown that software-only solutions cannot guarantee software security; a minimal hardware root of trust is required. In the embedded context, the research challenge is to find and demonstrate that 'minimum' root of trust. The first two papers search for these minimum requirements: "Scaling Down: Lightweight Approaches to IoT Security" and "SOFIA: Software and Control Flow Integrity Architecture." The third paper addresses the fundamental question of how to build and verify trust in embedded devices.

Time   Label   Presentation Title / Authors
11:00  10.1.1  SCALING DOWN: LIGHTWEIGHT APPROACHES TO IOT SECURITY
Speaker and Author:
Matthias Schunter, Intel Labs, DE
Abstract
The Internet of Things promises to grow to billions of connected devices over the next decade. From the perspective of security, the IoT presents unique challenges which, if left unmitigated, have the potential to significantly hinder its growth and widespread adoption. In particular, traditional security solutions do not scale down to typical IoT endpoints which are highly constrained in terms of power, performance and cost. Research conducted at the Intel Collaborative Research Institute for Secure Computing in Darmstadt, Germany is focused on enabling capabilities such as Trusted Execution and Control-flow Integrity Enforcement at the IoT endpoint level. We will survey this work and show how architectural support for security offers significant advantages over current software solutions in terms of efficiency and security. The design and implementation of proof-of-concept implementations on an Intel research architecture will be described together with an evaluation of the solutions from a performance, resource usage and security perspective.
11:30  10.1.2  SOFIA: SOFTWARE AND CONTROL FLOW INTEGRITY ARCHITECTURE
Speaker:
Ruan de Clercq, Katholieke Universiteit Leuven, BE
Authors:
Ruan de Clercq1, Ronald De Keulenaer2, Bart Coppens2, Bohan Yang1, Pieter Maene1, Koen De Bosschere2, Bart Preneel1, Bjorn De Sutter2 and Ingrid Verbauwhede1
1Katholieke Universiteit Leuven, BE; 2Ghent University, BE
Abstract
Microprocessors used in safety-critical systems are extremely sensitive to software vulnerabilities, as their failure can lead to injury, damage to equipment, or environmental catastrophe. This paper proposes a hardware-based security architecture for microprocessors used in safety-critical systems. The proposed architecture provides protection against code injection and code reuse attacks. It has mechanisms to protect software integrity, perform control flow integrity, prevent execution of tampered code, and enforce copyright protection. We are the first to propose a mechanism to enforce control flow integrity at the finest possible granularity. The proposed architectural features were added to the LEON3 open source soft microprocessor and were evaluated on an FPGA running a software benchmark. The results show that the hardware area is 28.2% larger and the clock 84.6% slower, while the software benchmark has a cycle overhead of 13.7% and a total execution-time overhead of 110% compared to an unmodified processor.
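The abstract names two distinct protections, software integrity (tampered code must not execute) and control flow integrity (authentic code must only be entered along expected edges). The following is an added illustration of how those two checks differ, written for this page; it is not SOFIA's code and does not reproduce SOFIA's actual hardware mechanism, which the abstract does not describe. The toy instruction set, the sample program, the device key and the attack scenarios are all constructed for the example: each instruction is bound to its address with an HMAC, every control transfer is checked against a static allowed-edge set, and the two attacks (an overwritten instruction, and a corrupted return address pointing into the middle of a function) are rejected by different checks.

```python
import hashlib
import hmac

# Constructed device key for the example. A real root of trust would keep
# this in hardware, not in the program image.
DEVICE_KEY = b"example-device-key"

# Toy instruction set. Each instruction is (opcode, operand); addresses are
# list indices.
#   set N  : acc = N              add N : acc += N
#   call A : push pc+1, jump A    ret   : pop and jump
#   out    : record acc           halt  : stop
PROGRAM = [
    ("set", 5),       # 0
    ("call", 4),      # 1  returns to 2
    ("out", None),    # 2
    ("halt", None),   # 3
    ("add", 1),       # 4  function entry
    ("add", 1),       # 5  a "gadget" if entered directly
    ("ret", None),    # 6
]


class IntegrityError(Exception):
    """Instruction does not match its authenticated image (code injection)."""


class CFIError(Exception):
    """Transfer is not an edge of the static control-flow graph (code reuse)."""


def instruction_tag(pc, ins, key):
    # Binding the address into the MAC also stops relocating an authentic
    # instruction to a different place in the image.
    msg = f"{pc}:{ins[0]}:{ins[1]}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


def sign_program(program, key=DEVICE_KEY):
    """Software integrity: one tag per instruction, computed at provisioning."""
    return [instruction_tag(pc, ins, key) for pc, ins in enumerate(program)]


def build_edges(program):
    """Static CFG: every legal (source, destination) transfer, fall-through included."""
    edges, return_sites = set(), set()
    for pc, (op, arg) in enumerate(program):
        if op == "call":
            edges.add((pc, arg))
            return_sites.add(pc + 1)
        elif op not in ("ret", "halt"):
            edges.add((pc, pc + 1))
    # A ret may only land just after some call site.
    for pc, (op, _) in enumerate(program):
        if op == "ret":
            edges.update((pc, site) for site in return_sites)
    return edges


def run(program, tags, edges, key=DEVICE_KEY, corrupt_return_to=None):
    """Execute with a per-instruction MAC check and a per-edge CFI check.

    corrupt_return_to simulates a memory-corruption bug overwriting the saved
    return address. Only data changes, so the MAC check cannot see it; the
    edge check is what catches the resulting jump.
    """
    acc, pc, prev, stack, output = 0, 0, None, [], []
    while True:
        ins = program[pc]
        if not hmac.compare_digest(tags[pc], instruction_tag(pc, ins, key)):
            raise IntegrityError(f"instruction at {pc} was modified")
        if prev is not None and (prev, pc) not in edges:
            raise CFIError(f"illegal transfer {prev} -> {pc}")
        op, arg = ins
        prev = pc
        if op == "set":
            acc, pc = arg, pc + 1
        elif op == "add":
            acc, pc = acc + arg, pc + 1
        elif op == "out":
            output.append(acc)
            pc += 1
        elif op == "call":
            stack.append(pc + 1)
            if corrupt_return_to is not None:
                stack[-1] = corrupt_return_to   # attacker-controlled data
            pc = arg
        elif op == "ret":
            pc = stack.pop()
        elif op == "halt":
            return output


if __name__ == "__main__":
    tags, edges = sign_program(PROGRAM), build_edges(PROGRAM)
    print("normal run:", run(PROGRAM, tags, edges))
    tampered = list(PROGRAM)
    tampered[4] = ("set", 99)
    for label, kwargs, prog in (("injection", {}, tampered),
                                ("code reuse", {"corrupt_return_to": 5}, PROGRAM)):
        try:
            run(prog, tags, edges, **kwargs)
        except (IntegrityError, CFIError) as exc:
            print(f"{label}: rejected ({exc})")
```

The return-edge policy here (any return site is acceptable) is the classic coarse software CFI policy; a hardware shadow stack, or the per-instruction granularity the abstract claims for SOFIA, would be stricter. The simulation also shows why the two checks are complementary: the MAC sees only code, while the return address is data, so the corrupted return is invisible to the integrity check and is caught only by the edge check.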

12:00  10.1.3  TRUST, BUT VERIFY: WHY AND HOW TO ESTABLISH TRUST IN EMBEDDED DEVICES
Speaker and Author:
Aurélien Francillon, EURECOM, FR
Abstract
A lot of research effort has been put into constructing secure systems. However, experience has shown that, while there are many products which have a good level of security, others are really insecure. Some are security devices: security is at the core of their purpose; others are not. We nevertheless often rely on their security in our daily life, and their failure can have serious consequences. In this paper, we discuss why we are in this situation and what we can do to improve it. In particular, we defend the thesis that more transparency and more openness in embedded systems hardware and software will foster a more secure ecosystem. First, there is an economic problem. Besides being a difficult problem to solve correctly, security is most of the time expensive. Second, trust is something that is not blindly granted but that is earned by verifying it. Currently, trusted computing mechanisms often rely on unconditional trust in the system manufacturer. However, users have too few ways to verify that systems are trustworthy other than blindly trusting the manufacturer. We should design systems where the users, i.e., the device owners, can decide whom and what to trust. We call this Design For User Trust, where users are in control of the system. Finally, one can only trust a system fully if one can inspect it. Unfortunately, the first security measures that are implemented in embedded systems often prevent such an independent analysis (e.g., deactivation of a debug port, secure boot, encrypted file system, obfuscation). But such measures hide the problems (making it difficult to discover software vulnerabilities) more than they solve them. They are often useful in securing a system (slowing down an attacker) but should not jeopardize our ability to analyze it. We call this Design For Security Testing.
We conclude that more research is needed to make it easier to build secure systems, in particular in the areas of concrete architectures for Design For User Trust and Design For Security Testing.

12:30  End of session
Lunch Break in Großer Saal + Saal 1
Keynote Lecture in "Saal 2" 13:30 - 14:00