Software security remains a daunting problem, and embedded systems add further challenges. Their small size and pervasive deployment make them vulnerable to physical attacks, which an adversary can launch after capturing a device and which defeat security mechanisms designed for remote, network-based attacks. This thesis addresses the problem of protecting embedded software systems from such physical attacks. Our research focuses on systems in which instructions and data are encrypted in memory and decrypted inside the processor, minimizing exposure to hardware sniffing and information leakage. Encryption alone does not stop an attacker with physical access: it hides the contents of memory but does not by itself prevent tampering with the encrypted code and data, so several attacks on application code and data remain possible on such systems. Past approaches to this problem have relied on hardware solutions that require changes to the processor micro-architecture and the instruction set architecture (ISA).

We propose an integrated hardware and software approach that requires no such changes. We design and combine novel techniques from compilers, architecture and software security to provide a high level of security together with user transparency. The architectural innovation stems from using an on-chip secure hardware component to implement our run-time security measures. For this purpose we use an on-chip Field Programmable Gate Array (FPGA), a component now commonly available on many processor chips. By implementing all of our security primitives on the FPGA, we require no changes to the processor micro-architecture, the ISA or the memory organization. In our approach, a compiler-based software tool instruments executables, and the on-chip FPGA-based hardware component performs run-time integrity and authorization checking on the executable code and application data. The FPGA provides these security services in a platform-independent manner and lets us apply application-specific, compiler-driven protections.

The compiler provides user transparency by hiding security details from software developers. We provide a cycle-accurate architecture simulator infrastructure to implement our techniques and to evaluate their performance impact. The low performance penalties observed in our experimental results, for high levels of code and data security, validate our approach.
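The division of labour described above, a build-time tool that instruments the executable and an on-chip checker that verifies every code block before the core uses it, can be illustrated in software. The following is an added example, not the thesis's own scheme or code: it assumes a fixed 16-byte block granularity, a per-device key that never leaves the chip, and an HMAC-SHA256 tag over the block address and block contents as the integrity primitive. The `Checker` class stands in for the FPGA monitor, and the sample "text section" is constructed bytes, not a real program. Binding the tag to the address is what makes the check catch relocation and replay of otherwise valid encrypted blocks, an attack class that memory encryption alone does not address.

```python
"""Added illustration of compiler-side instrumentation plus an on-chip
run-time integrity checker. Block size, key, and tag construction are
assumptions for the example, not the thesis's design."""
import hmac
import hashlib

BLOCK = 16                 # assumed granularity of one checked code block (bytes)
KEY = bytes(range(32))     # assumed per-device key, held only by the checker


def tag(key, addr, block):
    """Integrity tag over (address || block). Including the address binds the
    block to its location, so a valid block replayed elsewhere is rejected."""
    msg = addr.to_bytes(4, "little") + block
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]


def instrument(key, base, code):
    """Build-time pass (the compiler tool's job): pad the code to BLOCK
    granularity and emit a tag table indexed by block address.
    Returns (padded_code, tags)."""
    code = code + b"\x00" * ((-len(code)) % BLOCK)
    tags = {}
    for off in range(0, len(code), BLOCK):
        addr = base + off
        tags[addr] = tag(key, addr, code[off:off + BLOCK])
    return code, tags


class Checker:
    """Run-time side, standing in for the on-chip FPGA monitor. It sees each
    fetched block with its address, recomputes the tag with the on-chip key,
    and refuses blocks that are untagged or modified."""

    def __init__(self, key, tags):
        self.key = key
        self.tags = tags
        self.verified = 0

    def fetch(self, addr, block):
        expected = self.tags.get(addr)
        if expected is None or not hmac.compare_digest(
                expected, tag(self.key, addr, block)):
            raise RuntimeError(f"integrity violation at {addr:#x}")
        self.verified += 1
        return block


def run(checker, base, memory):
    """Simulate the fetch path over a memory image; returns the number of
    blocks that passed verification (raises on the first bad block)."""
    for off in range(0, len(memory), BLOCK):
        checker.fetch(base + off, memory[off:off + BLOCK])
    return checker.verified


def _rejected(tags, base, memory):
    """True if the checker refuses this memory image."""
    try:
        run(Checker(KEY, tags), base, memory)
    except RuntimeError:
        return True
    return False


def demo():
    base = 0x1000
    code = bytes(range(40))          # constructed stand-in for a text section
    mem, tags = instrument(KEY, base, code)
    verified = run(Checker(KEY, tags), base, mem)   # clean image: 3 blocks pass

    # Attack 1: a single flipped byte (physical modification of memory).
    tampered = bytearray(mem)
    tampered[5] ^= 0x01
    caught_tamper = _rejected(tags, base, bytes(tampered))

    # Attack 2: two valid blocks swapped (relocation/replay of good ciphertext).
    swapped = mem[BLOCK:2 * BLOCK] + mem[:BLOCK] + mem[2 * BLOCK:]
    caught_swap = _rejected(tags, base, swapped)

    return verified, caught_tamper, caught_swap


if __name__ == "__main__":
    print(demo())   # (3, True, True)
```

Because the tag table is produced by the instrumentation pass and consumed only by the checker, the core itself needs no new instructions or pipeline changes, which is the property the thesis attributes to placing the primitives on the FPGA.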
Advisor: Narahari, Bhagirath; Simha, Rahul
Committee: Martin, Dianne; Rotenstreich, Schmuel; Williams, Yul
School: The George Washington University
School Location: United States -- District of Columbia
Source: DAI-B 69/02, Dissertation Abstracts International
Keywords: Embedded systems; Integrated hardware-software; Software security
Copyright in each Dissertation and Thesis is retained by the author. All Rights Reserved