TrustLite:用于微型嵌入式设备的安全架构

Proceedings of the Eleventh European Conference on Computer Systems Pub Date : 2014-04-14 DOI:10.1145/2592798.2592824

Patrick Koeberl, Steffen Schulz, A. Sadeghi, V. Varadharajan

{"title":"TrustLite:用于微型嵌入式设备的安全架构","authors":"Patrick Koeberl, Steffen Schulz, A. Sadeghi, V. Varadharajan","doi":"10.1145/2592798.2592824","DOIUrl":null,"url":null,"abstract":"Embedded systems are increasingly pervasive, interdependent and in many cases critical to our every day life and safety. Tiny devices that cannot afford sophisticated hardware security mechanisms are embedded in complex control infrastructures, medical support systems and entertainment products [51]. As such devices are increasingly subject to attacks, new hardware protection mechanisms are needed to provide the required resilience and dependency at low cost.\n In this work, we present the TrustLite security architecture for flexible, hardware-enforced isolation of software modules. We describe mechanisms for secure exception handling and communication between protected modules, enabling seamless interoperability with untrusted operating systems and tasks. TrustLite scales from providing a simple protected firmware runtime to advanced functionality such as attestation and trusted execution of userspace tasks. Our FPGA prototype shows that these capabilities are achievable even on low-cost embedded systems.","PeriodicalId":20737,"journal":{"name":"Proceedings of the Eleventh European Conference on Computer Systems","volume":"29 1","pages":"10:1-10:14"},"PeriodicalIF":0.0000,"publicationDate":"2014-04-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"326","resultStr":"{\"title\":\"TrustLite: a security architecture for tiny embedded devices\",\"authors\":\"Patrick Koeberl, Steffen Schulz, A. Sadeghi, V. Varadharajan\",\"doi\":\"10.1145/2592798.2592824\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Embedded systems are increasingly pervasive, interdependent and in many cases critical to our every day life and safety. Tiny devices that cannot afford sophisticated hardware security mechanisms are embedded in complex control infrastructures, medical support systems and entertainment products [51]. As such devices are increasingly subject to attacks, new hardware protection mechanisms are needed to provide the required resilience and dependency at low cost.\\n In this work, we present the TrustLite security architecture for flexible, hardware-enforced isolation of software modules. We describe mechanisms for secure exception handling and communication between protected modules, enabling seamless interoperability with untrusted operating systems and tasks. TrustLite scales from providing a simple protected firmware runtime to advanced functionality such as attestation and trusted execution of userspace tasks. Our FPGA prototype shows that these capabilities are achievable even on low-cost embedded systems.\",\"PeriodicalId\":20737,\"journal\":{\"name\":\"Proceedings of the Eleventh European Conference on Computer Systems\",\"volume\":\"29 1\",\"pages\":\"10:1-10:14\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-04-14\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"326\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the Eleventh European Conference on Computer Systems\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2592798.2592824\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the Eleventh European Conference on Computer Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2592798.2592824","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 326

摘要

嵌入式系统越来越普遍，相互依赖，在许多情况下对我们的日常生活和安全至关重要。无法承担复杂硬件安全机制的微型设备被嵌入到复杂的控制基础设施、医疗支持系统和娱乐产品中[51]。由于此类设备越来越容易受到攻击，因此需要新的硬件保护机制以低成本提供所需的弹性和依赖性。在这项工作中，我们提出了TrustLite安全体系结构，用于灵活的、硬件强制的软件模块隔离。我们描述了安全异常处理和受保护模块之间通信的机制，从而实现了与不受信任的操作系统和任务的无缝互操作性。TrustLite从提供简单的受保护固件运行时扩展到高级功能，如用户空间任务的认证和可信执行。我们的FPGA原型表明，即使在低成本的嵌入式系统上也可以实现这些功能。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

TrustLite: a security architecture for tiny embedded devices

Embedded systems are increasingly pervasive, interdependent and in many cases critical to our every day life and safety. Tiny devices that cannot afford sophisticated hardware security mechanisms are embedded in complex control infrastructures, medical support systems and entertainment products [51]. As such devices are increasingly subject to attacks, new hardware protection mechanisms are needed to provide the required resilience and dependency at low cost. In this work, we present the TrustLite security architecture for flexible, hardware-enforced isolation of software modules. We describe mechanisms for secure exception handling and communication between protected modules, enabling seamless interoperability with untrusted operating systems and tasks. TrustLite scales from providing a simple protected firmware runtime to advanced functionality such as attestation and trusted execution of userspace tasks. Our FPGA prototype shows that these capabilities are achievable even on low-cost embedded systems.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the Eleventh European Conference on Computer Systems

自引率

0.00%

发文量