Dynamic Information Flow Tracking for Embedded Binaries using SystemC-based Virtual Prototypes

Pascal Pieper; Vladimir Herdt; Daniel Große; Rolf Drechsler

Dynamic Information Flow Tracking for Embedded Binaries using SystemC-based Virtual Prototypes

Pascal Pieper
, Vladimir Herdt
, Daniel Große
, Rolf Drechsler

Institute of Complex Systems

Research output: Chapter in Book/Report/Conference proceeding › Conference proceedings › peer-review

Abstract

Avoiding security vulnerabilities is very important for embedded systems. Dynamic Information Flow Tracking (DIFT) is a powerful technique to analyze SW with respect to security policies in order to protect the system against a broad range of security related exploits. However, existing DIFT approaches either do not exist for Virtual Prototypes (VPs) or fail to model complex hardware/software interactions. In this paper, we present a novel approach that enables early and accurate DIFT of binaries targeting embedded systems with custom peripherals. Leveraging the SystemC framework, our DIFT engine tracks accurate data flow information alongside the program execution to detect violations of security policies at run-time. We demonstrate the effectiveness and applicability of our approach by extensive experiments.

Original language	English
Title of host publication	Design Automation Conference (DAC)
Number of pages	6
Publication status	Published - 2020

Fields of science

202005 Computer architecture
202017 Embedded systems
102 Computer Sciences
102005 Computer aided design (CAD)
102011 Formal languages

JKU Focus areas

Sustainable Development: Responsible Technologies and Management

Cite this

@inproceedings{4a6ff84e46c04106ae48caac260d87db,

title = "Dynamic Information Flow Tracking for Embedded Binaries using SystemC-based Virtual Prototypes",

abstract = "Avoiding security vulnerabilities is very important for embedded systems. Dynamic Information Flow Tracking (DIFT) is a powerful technique to analyze SW with respect to security policies in order to protect the system against a broad range of security related exploits. However, existing DIFT approaches either do not exist for Virtual Prototypes (VPs) or fail to model complex hardware/software interactions. In this paper, we present a novel approach that enables early and accurate DIFT of binaries targeting embedded systems with custom peripherals. Leveraging the SystemC framework, our DIFT engine tracks accurate data flow information alongside the program execution to detect violations of security policies at run-time. We demonstrate the effectiveness and applicability of our approach by extensive experiments.",

author = "Pascal Pieper and Vladimir Herdt and Daniel Gro{\ss}e and Rolf Drechsler",

year = "2020",

language = "English",

booktitle = "Design Automation Conference (DAC)",

}

TY - GEN

T1 - Dynamic Information Flow Tracking for Embedded Binaries using SystemC-based Virtual Prototypes

AU - Pieper, Pascal

AU - Herdt, Vladimir

AU - Große, Daniel

AU - Drechsler, Rolf

PY - 2020

Y1 - 2020

N2 - Avoiding security vulnerabilities is very important for embedded systems. Dynamic Information Flow Tracking (DIFT) is a powerful technique to analyze SW with respect to security policies in order to protect the system against a broad range of security related exploits. However, existing DIFT approaches either do not exist for Virtual Prototypes (VPs) or fail to model complex hardware/software interactions. In this paper, we present a novel approach that enables early and accurate DIFT of binaries targeting embedded systems with custom peripherals. Leveraging the SystemC framework, our DIFT engine tracks accurate data flow information alongside the program execution to detect violations of security policies at run-time. We demonstrate the effectiveness and applicability of our approach by extensive experiments.

AB - Avoiding security vulnerabilities is very important for embedded systems. Dynamic Information Flow Tracking (DIFT) is a powerful technique to analyze SW with respect to security policies in order to protect the system against a broad range of security related exploits. However, existing DIFT approaches either do not exist for Virtual Prototypes (VPs) or fail to model complex hardware/software interactions. In this paper, we present a novel approach that enables early and accurate DIFT of binaries targeting embedded systems with custom peripherals. Leveraging the SystemC framework, our DIFT engine tracks accurate data flow information alongside the program execution to detect violations of security policies at run-time. We demonstrate the effectiveness and applicability of our approach by extensive experiments.

M3 - Conference proceedings

BT - Design Automation Conference (DAC)

ER -