Pascal Pieper, V. Herdt, Daniel Große, R. Drechsler
{"title":"Dynamic Information Flow Tracking for Embedded Binaries using SystemC-based Virtual Prototypes","authors":"Pascal Pieper, V. Herdt, Daniel Große, R. Drechsler","doi":"10.1109/DAC18072.2020.9218494","DOIUrl":null,"url":null,"abstract":"Avoiding security vulnerabilities is very important for embedded systems. Dynamic Information Flow Tracking (DIFT) is a powerful technique to analyze SW with respect to security policies in order to protect the system against a broad range of security related exploits. However, existing DIFT approaches either do not exist for Virtual Prototypes (VPs) or fail to model complex hardware/software interactions.In this paper, we present a novel approach that enables early and accurate DIFT of binaries targeting embedded systems with custom peripherals. Leveraging the SystemC framework, our DIFT engine tracks accurate data flow information alongside the program execution to detect violations of security policies at run-time. We demonstrate the effectiveness and applicability of our approach by extensive experiments.","PeriodicalId":428807,"journal":{"name":"2020 57th ACM/IEEE Design Automation Conference (DAC)","volume":"74 2","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"14","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 57th ACM/IEEE Design Automation Conference (DAC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/DAC18072.2020.9218494","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 14
Abstract
Avoiding security vulnerabilities is very important for embedded systems. Dynamic Information Flow Tracking (DIFT) is a powerful technique to analyze SW with respect to security policies in order to protect the system against a broad range of security related exploits. However, existing DIFT approaches either do not exist for Virtual Prototypes (VPs) or fail to model complex hardware/software interactions.In this paper, we present a novel approach that enables early and accurate DIFT of binaries targeting embedded systems with custom peripherals. Leveraging the SystemC framework, our DIFT engine tracks accurate data flow information alongside the program execution to detect violations of security policies at run-time. We demonstrate the effectiveness and applicability of our approach by extensive experiments.
避免安全漏洞对于嵌入式系统来说是非常重要的。动态信息流跟踪(Dynamic Information Flow Tracking, DIFT)是一种强大的技术,可以根据安全策略分析软件,从而保护系统免受各种与安全相关的攻击。然而,现有的DIFT方法要么不存在于虚拟原型(vp),要么不能对复杂的硬件/软件交互建模。在本文中,我们提出了一种新颖的方法,可以实现针对具有自定义外设的嵌入式系统的二进制文件的早期和准确的DIFT。利用SystemC框架,我们的DIFT引擎在程序执行过程中跟踪准确的数据流信息,从而在运行时检测对安全策略的违反。我们通过大量的实验证明了该方法的有效性和适用性。
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
