Affiliations: Electrical and Computer Engineering Department,
University of Alabama in Huntsville, Huntsville, AL 35899, USA | IBM, Austin, TX 78758 USA. E-mail:
[email protected]
Abstract: Embedded system designers face a unique set of challenges in making
their systems more secure, as these systems often have stringent resource
constraints or must operate in harsh or physically insecure environments. One
of the security issues that has recently drawn attention is software
integrity, which ensures that the programs in the system have not been changed,
whether by accident or by an attack. In this paper we propose an efficient
hardware mechanism for runtime verification of software integrity using
encrypted instruction block signatures. We introduce several variations of the
basic mechanism, and give details of three techniques that are most suitable
for embedded systems. Performance evaluation using selected MiBench,
Mediabench, and Basicrypt benchmarks indicates that the considered techniques
impose a relatively small performance overhead. The best overall technique has
performance overhead in the range 0–8%, when protecting 128-byte
instruction blocks with 16-byte signatures. With 64-byte instruction blocks,
the overhead is in the range 0–15%; the average overhead with an 8 KB cache is
1%. With additional investment in a signature cache, this overhead can be
almost completely eliminated.
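A software model of the verification scheme the abstract describes, added here as an illustration and not code from the paper: a program image is split into 128-byte instruction blocks, each block gets a 16-byte signature computed under a secret key, and every fetch is checked against the stored signature so that a modified instruction in any block is detected. The signature construction (HMAC-SHA256 truncated to 16 bytes, with the block address bound in) and the sample image are assumptions, since the abstract does not specify the exact encryption scheme.

```python
import hashlib
import hmac

BLOCK_SIZE = 128  # bytes per protected instruction block (paper's configuration)
SIG_SIZE = 16     # bytes per signature (paper's configuration)


def _block_signature(key: bytes, image: bytes, off: int) -> bytes:
    """Signature of the block starting at byte offset `off`.

    Assumption: a keyed MAC truncated to SIG_SIZE stands in for the paper's
    encrypted signature. The block address is included so that a valid
    block cannot be relocated to another address without detection.
    """
    block = image[off:off + BLOCK_SIZE].ljust(BLOCK_SIZE, b"\x00")  # pad last block
    mac = hmac.new(key, off.to_bytes(4, "little") + block, hashlib.sha256).digest()
    return mac[:SIG_SIZE]


def sign_blocks(image: bytes, key: bytes) -> list:
    """Offline step: one signature per BLOCK_SIZE-byte block of the image."""
    return [_block_signature(key, image, off) for off in range(0, len(image), BLOCK_SIZE)]


def verify_fetch(image: bytes, key: bytes, sigs: list, addr: int) -> bool:
    """Runtime step: check the block containing instruction address `addr`."""
    idx = addr // BLOCK_SIZE
    return hmac.compare_digest(_block_signature(key, image, idx * BLOCK_SIZE), sigs[idx])


def storage_overhead() -> float:
    """Fraction of extra memory taken by signatures (16 bytes per 128-byte block)."""
    return SIG_SIZE / BLOCK_SIZE


def demo():
    key = b"constructed-demo-key-not-a-real-secret"   # constructed key
    image = bytes(range(256)) * 2                      # constructed 512-byte "program image"
    sigs = sign_blocks(image, key)
    fetches = range(0, len(image), 4)                  # 4-byte instructions
    ok_before = all(verify_fetch(image, key, sigs, a) for a in fetches)
    tampered = bytearray(image)
    tampered[200] ^= 0x01                              # flip one bit inside block 1
    tampered = bytes(tampered)
    first_bad = next((a for a in fetches if not verify_fetch(tampered, key, sigs, a)), None)
    return ok_before, len(sigs), first_bad             # returns (True, 4, 128)
```

The first failing fetch is at address 128, the start of the tampered block, so a single-bit change anywhere in a block is caught on the first instruction fetched from it.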