TY - GEN
T1 - Processor Anchor to Increase the Robustness Against Fault Injection and Cyber Attacks
AU - Danger, Jean Luc
AU - Facon, Adrien
AU - Guilley, Sylvain
AU - Heydemann, Karine
AU - Kühne, Ulrich
AU - Merabet, Abdelmalek Si
AU - Timbert, Michaël
AU - Pecatte, Baptiste
N1 - Publisher Copyright:
© 2021, Springer Nature Switzerland AG.
PY - 2021/1/1
Y1 - 2021/1/1
N2 - One major advance in software security would be to use robust processors which could assist the code developer to thwart both cyber and physical attacks. This paper presents a hardware-based solution which increases the security by checking the integrity of executed code on any microcontroller. Unlike other Control Flow Integrity (CFI) protections, this solution does not require modifications of the CPU pipeline, but relies on monitoring the interface between the processor and its instruction cache. The integrity of the execution flow and the instruction sequences (called Basic Blocks) is checked by hardware with precomputed metadata. Another module is dedicated to speed up the access to these metadata. This paper shows the effectiveness of the solution as the impact is as much as 21% in average on the execution time at the price of using memory space to store metadata along with the code.
AB - One major advance in software security would be to use robust processors which could assist the code developer to thwart both cyber and physical attacks. This paper presents a hardware-based solution which increases the security by checking the integrity of executed code on any microcontroller. Unlike other Control Flow Integrity (CFI) protections, this solution does not require modifications of the CPU pipeline, but relies on monitoring the interface between the processor and its instruction cache. The integrity of the execution flow and the instruction sequences (called Basic Blocks) is checked by hardware with precomputed metadata. Another module is dedicated to speed up the access to these metadata. This paper shows the effectiveness of the solution as the impact is as much as 21% in average on the execution time at the price of using memory space to store metadata along with the code.
KW - Control Flow Graph
KW - Control Flow Integrity
KW - Cyber Escort Unit (CEU)
KW - Fault injection
KW - Hardware protection
UR - https://www.scopus.com/pages/publications/85102283930
U2 - 10.1007/978-3-030-68773-1_12
DO - 10.1007/978-3-030-68773-1_12
M3 - Conference contribution
AN - SCOPUS:85102283930
SN - 9783030687724
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 254
EP - 274
BT - Constructive Side-Channel Analysis and Secure Design - 11th International Workshop, COSADE 2020, Revised Selected Papers
A2 - Bertoni, Guido Marco
A2 - Regazzoni, Francesco
PB - Springer Science and Business Media Deutschland GmbH
T2 - 11th International Workshop on Constructive Side-Channel Analysis and Secure Design, COSADE 2020
Y2 - 1 April 2020 through 3 April 2020
ER -