Detecting memory spoofing in secure embedded systems using cache-aware FPGA guards

Embedded systems of an inherently distributed and highly replicated nature are vulnerable to a class of attacks that require local access and physical tampering. Processors using Encrypted Execution and Data (EED) technology, where instructions and data are stored in encrypted form in memory and locally decrypted, form an attractive solution for securing embedded systems, as these platforms have been shown to protect software and limit information leakage. However, numerous realistic attacks are still possible on EED platforms given the assumption of an adversary with physical access. In this paper, we present an integrated compiler and architectural approach to address a class of memory spoofing attacks, in which a sophisticated attacker is able to control off-chip buses and modify data blocks as they are loaded into the processor. Our approach, which utilizes cache boundaries to greatly simplify the integrity checking process, prevents an attacker from tampering, injecting, or replaying code and data. We make use of an on-chip reconfigurable logic component to implement our security mechanisms. This use of reconfigurable logic greatly simplifies the required hardware modifications - no changes are necessary to the CPU, cache, or off-chip memory. Our simulations on a number of benchmarks show that a high level of security can be achieved with a low performance overhead. The average overhead incurred is dependent on the cache size and type of integrity checking scheme used, but is less than 16% even for the most computationally intensive scheme. We present a hardware/software prototype mapped to a Field Programmable Gate Array (FPGA) platform in order to evaluate the space required and demonstrate the feasibility of our approach.