Real-Time Streaming Data Processing Engine for Embedded Systems
Schweitzer Engineering Laboratories, Inc.
The objective of this activity was to develop a low-cost, low-overhead hardware security engine that ensures secure and reliable execution of applications computing critical data, in spite of potential hardware and software vulnerabilities. Specifically, the security engine needs to achieve low runtime overhead, low hardware resource overhead, high source compatibility, and high binary compatibility. Our objectives were: (i) to enforce spatial and temporal memory safety at the same time, to give high detection coverage of memory corruption attacks; (ii) to transmit the monitoring data collected from the main processor to the security engine efficiently, so that transmission overhead is low; (iii) to check memory safety asynchronously, without interrupting the normal execution of the program; and (iv) to evaluate the protection technique on existing applications with minimal developer involvement in converting unprotected programs into protected ones. To meet these goals, we designed the AHEMS (Asynchronously Hardware-Enforced Memory Safety) framework, which protects applications from memory corruption attacks by enforcing spatial and temporal memory safety. AHEMS has two major parts: source code instrumentation and a hardware security engine. The source code of a program is instrumented with specialized instructions that establish the interface between the program and the hardware security engine. The hardware security engine receives memory events from the runtime monitor, checks memory safety asynchronously using metadata stored on the security engine, and raises an exception if a memory event violates memory safety. Our AHEMS prototype achieved high coverage of memory corruption attacks (passing 676 out of 677 test cases) with runtime overhead as low as 10%, and it outperformed four other state-of-the-art approaches in runtime overhead.
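The event flow described above, modelled as an added example that is not code from the AHEMS prototype: the instrumented program only enqueues allocate/free/access events and continues, while a separate engine routine drains the queue later and checks each event against metadata that only the engine holds, classifying failures as spatial or temporal. All names, the queue, and the address values are hypothetical and constructed for this illustration.

```c
/* Constructed model of a program-to-engine memory event stream (hypothetical
 * names, not the AHEMS prototype's code). Program side: emit and return at once.
 * Engine side: drain asynchronously and check against engine-held metadata. */
#include <stddef.h>
enum ev_kind { EV_ALLOC, EV_FREE, EV_ACCESS };
enum verdict { OK = 0, SPATIAL_VIOLATION, TEMPORAL_VIOLATION, ENGINE_ERROR };
struct mem_event { enum ev_kind kind; unsigned long addr; size_t len; };
struct obj_meta  { unsigned long base; size_t size; int live; };
#define QUEUE_CAP 64
#define OBJ_CAP 16
static struct mem_event queue[QUEUE_CAP];  /* stands in for the CPU-to-engine FIFO */
static struct obj_meta objs[OBJ_CAP];      /* engine metadata; freed objects stay, marked dead */
static unsigned q_head, q_tail;

/* Program side: record the event and return at once; nothing is checked here. */
int emit_event(enum ev_kind kind, unsigned long addr, size_t len) {
    if (q_tail - q_head >= QUEUE_CAP) return -1;   /* FIFO full: the CPU would have to stall */
    queue[q_tail++ % QUEUE_CAP] = (struct mem_event){ kind, addr, len };
    return 0;
}

/* Engine side: find the (live or dead) object whose range covers addr. */
static struct obj_meta *find_obj(unsigned long addr) {
    for (int i = 0; i < OBJ_CAP; i++)
        if (objs[i].size && addr >= objs[i].base && addr < objs[i].base + objs[i].size)
            return &objs[i];
    return NULL;
}

/* Spatial = outside any object's bounds; temporal = touching or re-freeing a dead object. */
static enum verdict check_event(const struct mem_event *e) {
    struct obj_meta *o = find_obj(e->addr);
    if (e->kind == EV_ALLOC) {
        for (int i = 0; i < OBJ_CAP; i++)
            if (objs[i].size == 0) { objs[i] = (struct obj_meta){ e->addr, e->len, 1 }; return OK; }
        return ENGINE_ERROR;                          /* metadata table exhausted */
    }
    if (!o) return SPATIAL_VIOLATION;                 /* no object covers the address */
    if (!o->live) return TEMPORAL_VIOLATION;          /* use after free, or double free */
    if (e->kind == EV_FREE) { if (o->base != e->addr) return SPATIAL_VIOLATION; o->live = 0; return OK; }
    return e->addr + e->len > o->base + o->size ? SPATIAL_VIOLATION : OK;  /* runs past the end? */
}

/* Engine loop: drain everything queued so far and report the first violation seen. */
enum verdict engine_drain(void) {
    enum verdict first = OK;
    while (q_head != q_tail) {
        enum verdict v = check_event(&queue[q_head++ % QUEUE_CAP]);
        if (v != OK && first == OK) first = v;
    }
    return first;
}
```

Because checking happens in `engine_drain` rather than in `emit_event`, a violation is reported some events after it occurred, which is the detection latency a real asynchronous engine must bound.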