Alejandro Mera (Northeastern University), Yi Hui Chen (Northeastern University), Ruimin Sun (Northeastern University), Engin Kirda (Northeastern University), Long Lu (Northeastern University)

Embedded and Internet-of-Things (IoT) devices have seen an increase in adoption in many domains. The security of these devices is of great importance as they are often used to control critical infrastructure, medical devices, and vehicles. Existing solutions to isolate microcontroller (MCU) resources in order to increase their security face significant challenges such as specific hardware unavailability, Memory Protection Unit (MPU) limitations and a significant lack of Direct Memory Access (DMA) support. Nevertheless, DMA is fundamental for the power and performance requirements of embedded applications.

In this paper, we present D-Box, a systematic approach to enable secure DMA operations for compartmentalization solutions of embedded applications using real-time operating systems (RTOS). D Box defines a reference architecture and a workflow to protect DMA operations holistically. It provides practical methods to harden the kernel and define capability-based security policies for easy definition of DMA operations with strong security properties. We implemented a D-Box prototype for the Cortex M3/M4 on top of the popular FreeRTOS-MPU (F-MPU). The D-Box procedures and a stricter security model enabled DMA operations, yet it exposed 41 times less ROP (return-orienting-programming) gadgets when compared with the standard F-MPU. D-Box adds only a 2% processor overhead while reducing the power consumption of peripheral operation benchmarks by 18.2%. The security properties and performance of D Box were tested and confirmed on a real-world case study of a Programmable Logic Controller (PLC) application.

View More Papers

On Utility and Privacy in Synthetic Genomic Data

Bristena Oprisanu (UCL), Georgi Ganev (UCL & Hazy), Emiliano De Cristofaro (UCL)

Read More

What the Fork? Finding and Analyzing Malware in GitHub...

Alan Cao (New York University) and Brendan Dolan-Gavitt (New York University)

Read More

Characterizing the Adoption of Security.txt Files and their Applications...

William Findlay (Carleton University) and AbdelRahman Abdou (Carleton University)

Read More

Forensic Analysis of Configuration-based Attacks

Muhammad Adil Inam (University of Illinois at Urbana-Champaign), Wajih Ul Hassan (University of Illinois at Urbana-Champaign), Ali Ahad (University of Virginia), Adam Bates (University of Illinois at Urbana-Champaign), Rashid Tahir (University of Prince Mugrin), Tianyin Xu (University of Illinois at Urbana-Champaign), Fareed Zaffar (LUMS)

Read More