A Novel Approach for a Hardware-Based Secure Process Isolation in an Embedded System

  • Conference paper
Security in Computing and Communications (SSCC 2013)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 377))

Abstract

Secure communication between two entities in a system is mandatory to protect the trustworthiness of the system. For example, consider an embedded system inside an automobile where two Electronic Control Units (ECUs) attached to a bus communicate with each other. Such a system is rather secure against attacks from one ECU on the other because the two ECUs, and thus the tasks executing on them, are physically separated from each other by design. However, this is not the case when two tasks, one of them safety/security critical, execute in parallel on the same ECU, because this opens an opportunity for the tasks to affect each other, for example through a shared resource such as the local memory. Thus, the goal of this contribution is to establish a secure isolation between such tasks, preventing unauthorized communication between them and thereby building a trusted embedded system. Though approaches exist in the literature to address this issue, for example based on virtualization technology, they are either only software-based or not suitable for embedded systems. In contrast, the approach proposed here is not only hardware-based, which is more secure, but also lightweight in its design. Specifically, the proposed approach utilizes a security module with minimal Trusted Computing (TC) technology features tailored to the needs of a resource-constrained embedded system. Additionally, a proof-of-concept implementation of the proposed approach is carried out to illustrate the feasibility of the design.



Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Malipatlolla, S. (2013). A Novel Approach for a Hardware-Based Secure Process Isolation in an Embedded System. In: Thampi, S.M., Atrey, P.K., Fan, CI., Perez, G.M. (eds) Security in Computing and Communications. SSCC 2013. Communications in Computer and Information Science, vol 377. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40576-1_1

  • DOI: https://doi.org/10.1007/978-3-642-40576-1_1

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-40575-4

  • Online ISBN: 978-3-642-40576-1
