TY - GEN
T1 - Software-based gate-level information flow security for IoT systems
AU - Cherupalli, Hari
AU - Duwe, Henry
AU - Ye, Weidong
AU - Kumar, Rakesh
AU - Sartori, John M
PY - 2017/10/14
Y1 - 2017/10/14
N2 - The growing movement to connect literally everything to the internet (internet of things or IoT) through ultra-low-power embedded microprocessors poses a critical challenge for information security. Gate-level tracking of information flows has been proposed to guarantee information flow security in computer systems. However, such solutions rely on non-commodity, secure-by-design processors. In this work, we observe that the need for secure-by-design processors arises because previous works on gate-level information flow tracking assume no knowledge of the application running in a system. Since IoT systems typically run a single application over and over for the lifetime of the system, we see a unique opportunity to provide application-specific gate-level information flow security for IoT systems. We develop a gate-level symbolic analysis framework that uses knowledge of the application running in a system to efficiently identify all possible information flow security vulnerabilities for the system. We leverage this information to provide security guarantees on commodity processors. We also show that security vulnerabilities identified by our analysis framework can be eliminated through software modifications at 15% energy overhead, on average, obviating the need for secure-by-design hardware. Our framework also allows us to identify and eliminate only the vulnerabilities that an application is prone to, reducing the cost of information flow security by 3.3× compared to a software-based approach that assumes no application knowledge.
AB - The growing movement to connect literally everything to the internet (internet of things or IoT) through ultra-low-power embedded microprocessors poses a critical challenge for information security. Gate-level tracking of information flows has been proposed to guarantee information flow security in computer systems. However, such solutions rely on non-commodity, secure-by-design processors. In this work, we observe that the need for secure-by-design processors arises because previous works on gate-level information flow tracking assume no knowledge of the application running in a system. Since IoT systems typically run a single application over and over for the lifetime of the system, we see a unique opportunity to provide application-specific gate-level information flow security for IoT systems. We develop a gate-level symbolic analysis framework that uses knowledge of the application running in a system to efficiently identify all possible information flow security vulnerabilities for the system. We leverage this information to provide security guarantees on commodity processors. We also show that security vulnerabilities identified by our analysis framework can be eliminated through software modifications at 15% energy overhead, on average, obviating the need for secure-by-design hardware. Our framework also allows us to identify and eliminate only the vulnerabilities that an application is prone to, reducing the cost of information flow security by 3.3× compared to a software-based approach that assumes no application knowledge.
KW - Hardwaresoftware co-analysis
KW - Information flow
KW - Internet of Things
KW - Security
KW - Ultra-low-power processors
UR - http://www.scopus.com/inward/record.url?scp=85034039306&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85034039306&partnerID=8YFLogxK
U2 - 10.1145/3123939.3123955
DO - 10.1145/3123939.3123955
M3 - Conference contribution
AN - SCOPUS:85034039306
T3 - Proceedings of the Annual International Symposium on Microarchitecture, MICRO
SP - 328
EP - 340
BT - MICRO 2017 - 50th Annual IEEE/ACM International Symposium on Microarchitecture Proceedings
PB - IEEE Computer Society
T2 - 50th Annual IEEE/ACM International Symposium on Microarchitecture, MICRO 2017
Y2 - 14 October 2017 through 18 October 2017
ER -