{"title":"ProMiSE: A Programmable Hardware Monitor for Secure Execution in Zero Trust Networks","authors":"Nikhilesh Singh;Shagnik Pal;Rainer Leupers;Farhad Merchant;Chester Rebeiro","doi":"10.1109/LES.2024.3354831","DOIUrl":null,"url":null,"abstract":"With the inevitable adoption of zero trust architectures (ZTAs) for enterprise networks, there is a need to continuously gauge the security health of connected devices. This requires runtime monitoring of the devices in the network. The challenge, especially in resource-constrained environments, is to ensure trusted monitoring at a fine granularity. In this letter, we propose ProMiSE, a framework that overcomes this challenge and provides an online non-tamperable metric called trust score to quantify the security health of devices in a ZTA network. We use real-time hardware tracking of microarchitectural signals in the CPU to compute the trust score in a security co-processor that is isolated from the device’s computing stack. The trust score for each device is sent to the ZTA host for corresponding responses. We evaluate ProMiSE on an open-source RISC-V processor with different threat vectors, including ransomware, return-oriented programming (RoP) attacks, and cache-based microarchitectural attacks. We also deploy the framework on an AMD Artix 7AC701 FPGA and present the area overheads.","PeriodicalId":56143,"journal":{"name":"IEEE Embedded Systems Letters","volume":"16 4","pages":"433-436"},"PeriodicalIF":1.7000,"publicationDate":"2024-01-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Embedded Systems Letters","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10400817/","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}
引用次数: 0
Abstract
With the inevitable adoption of zero trust architectures (ZTAs) for enterprise networks, there is a need to continuously gauge the security health of connected devices. This requires runtime monitoring of the devices in the network. The challenge, especially in resource-constrained environments, is to ensure trusted monitoring at a fine granularity. In this letter, we propose ProMiSE, a framework that overcomes this challenge and provides an online non-tamperable metric called trust score to quantify the security health of devices in a ZTA network. We use real-time hardware tracking of microarchitectural signals in the CPU to compute the trust score in a security co-processor that is isolated from the device’s computing stack. The trust score for each device is sent to the ZTA host for corresponding responses. We evaluate ProMiSE on an open-source RISC-V processor with different threat vectors, including ransomware, return-oriented programming (RoP) attacks, and cache-based microarchitectural attacks. We also deploy the framework on an AMD Artix 7AC701 FPGA and present the area overheads.
期刊介绍:
The IEEE Embedded Systems Letters (ESL), provides a forum for rapid dissemination of latest technical advances in embedded systems and related areas in embedded software. The emphasis is on models, methods, and tools that ensure secure, correct, efficient and robust design of embedded systems and their applications.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
