SecureCore Architecture

Many safety-critical systems, such as advanced avionics systems, have traditionally been considered invulnerable to software security breaches, since such systems are generally physically isolated from the outside world, have limited capabilities, and use specialized protocols. However, several recent successful attacks on embedded control systems call for a rethink of the security of safety-critical embedded systems. The increase in performance, reduction in power consumption, and smaller size of systems built on multicore processors make them very attractive for safety-critical embedded systems. A problem with the use of multicore processors in such systems is that of shared resources: components such as caches, buses, and memory are shared across the cores and can give rise to security vulnerabilities (e.g., snooping on privileged information through shared state, or denial of service by saturating a shared resource). Hence, there is a need for a comprehensive solution that allows multicore processors to be used in safety-critical systems in a safe and secure manner.

Modern real-time embedded systems have many entry points that are vulnerable to potential attacks, and they often cannot be secured completely. Hence, instead of trying to prevent intrusions at every vulnerable component, we monitor and detect intrusions at the most critical real-time applications. Specifically, we take advantage of the predictable behavior of real-time applications, such as deterministic temporal properties and regular memory and device I/O access patterns. Such behavioral predictability can enhance the security of real-time embedded systems by enforcing a strong invariant on execution behavior: a security attack would inevitably alter the run-time behavioral signature from the expected baseline, since any malicious activity consumes system resources such as CPU cycles and memory in order to execute. Using a dedicated on-chip hardware monitor and a protected supervisory core (described below), our behavioral monitoring performs a coarse-grained inspection of execution signatures such as execution time and memory traffic, which incurs low overhead and thus fits real-time applications well.

We use machine learning-based mechanisms to profile the legitimate execution behavior of a target real-time embedded application. The major strength of such a learning mechanism is that variability due to changes in inputs, code complexity, system effects, etc. is captured in the resulting execution profile. For instance, one can profile the timing behavior of an application by estimating the probability distribution of its execution times using statistical learning. At run-time, we monitor these behaviors against the learned profile to see whether any deviation from the legitimate baseline has occurred, using profiles that are robust to run-time noise.
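As an added example, not code from the SecureCore project, the following Python sketch shows the profile-then-monitor loop of the two paragraphs above on a constructed execution-time trace: build a profile from benign runs, calibrate an alarm threshold on a separate benign trace, and have a sliding-window monitor tolerate an isolated glitch while flagging a sustained shift in execution time. The histogram estimator, the windowed averaging, the 30% headroom and all timing values are assumptions made for the illustration; the paper's actual learner is not reproduced here.

```python
import math
import random
from collections import deque


class ExecutionProfile:
    """Smoothed-histogram estimate of a task's execution-time distribution.

    Assumption (not from the page): a Laplace-smoothed histogram stands in
    for whatever statistical learner the authors used; any density estimate
    that yields a per-sample likelihood would slot in here.
    """

    def __init__(self, samples, bins=32, margin=0.1):
        lo, hi = min(samples), max(samples)
        span = (hi - lo) or 1.0
        # Widen the range slightly so benign jitter just outside the training
        # extremes is not treated like an out-of-range observation.
        self.lo, self.hi = lo - margin * span, hi + margin * span
        self.bins = bins
        counts = [0] * bins
        for s in samples:
            counts[self._bin(s)] += 1
        total = len(samples) + bins
        # Add-one smoothing: no bin ever has probability zero, so a single
        # odd sample cannot produce an infinite surprise.
        self.log_p = [math.log((c + 1) / total) for c in counts]
        self.out_of_range = -math.log(1.0 / total)

    def _bin(self, x):
        idx = int((x - self.lo) / (self.hi - self.lo) * self.bins)
        return min(max(idx, 0), self.bins - 1)

    def surprise(self, x):
        """Negative log-likelihood of one observed execution time."""
        if x < self.lo or x >= self.hi:
            return self.out_of_range
        return -self.log_p[self._bin(x)]


def calibrate_threshold(profile, samples, window, headroom=1.3):
    """Alarm threshold: the worst windowed mean surprise seen on a benign
    calibration trace, plus headroom for benign variation not yet seen."""
    scores = [profile.surprise(s) for s in samples]
    worst = max(sum(scores[i:i + window]) / window
                for i in range(len(scores) - window + 1))
    return worst * headroom


class RuntimeMonitor:
    """Sliding-window detector: averaging surprise over the last `window`
    jobs makes one noisy measurement (an interrupt, a burst of cache misses)
    harmless, while a sustained shift in behaviour raises an alarm."""

    def __init__(self, profile, window, threshold):
        self.profile = profile
        self.recent = deque(maxlen=window)
        self.threshold = threshold

    def observe(self, exec_time):
        self.recent.append(self.profile.surprise(exec_time))
        if len(self.recent) < self.recent.maxlen:
            return False  # not enough history yet
        return sum(self.recent) / len(self.recent) > self.threshold


def first_alarm(monitor, trace):
    """Index of the first job on which the monitor raises an alarm, or None."""
    for i, t in enumerate(trace):
        if monitor.observe(t):
            return i
    return None


def benign_trace(rng, n):
    """Constructed workload: 70% of jobs take a fast path (~1.0 ms), 30% a
    slow path (~1.5 ms), each with measurement jitter. Values are invented."""
    return [rng.gauss(1.0 if rng.random() < 0.7 else 1.5, 0.05)
            for _ in range(n)]


def run_demo(seed=1, window=25):
    rng = random.Random(seed)
    profile = ExecutionProfile(benign_trace(rng, 2000))
    threshold = calibrate_threshold(profile, benign_trace(rng, 2000), window)

    # A fresh benign trace with one isolated glitch (a single job delayed
    # by 0.3 ms, as an interrupt might) must not raise an alarm.
    benign = benign_trace(rng, 500)
    benign[100] += 0.3
    benign_alarm = first_alarm(RuntimeMonitor(profile, window, threshold), benign)

    # Attack (constructed): from job 300 on, injected code adds ~0.25 ms to
    # every job, pushing both paths into regions the profile never saw.
    attack_start = 300
    attacked = benign_trace(rng, 500)
    for i in range(attack_start, len(attacked)):
        attacked[i] += 0.25
    attack_alarm = first_alarm(RuntimeMonitor(profile, window, threshold), attacked)

    return {"threshold": threshold, "benign_alarm": benign_alarm,
            "attack_start": attack_start, "attack_alarm": attack_alarm}


if __name__ == "__main__":
    print(run_demo())
```

The detection margin is set by how much benign variation the profile and the headroom tolerate: an attack whose extra cost stays inside that envelope is not seen by a coarse-grained signature, which is the trade the text makes for low overhead. What to do on an alarm (reloading a clean binary, resetting the core) is the supervisory core's job and is outside this sketch.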

The SecureCore architecture features one-way observability and controllability: the state of the cores under monitoring must be observable to the monitor, yet the monitoring activity is invisible to them. This is realized by installing a protected on-chip hardware module that continuously monitors the aforementioned behavioral aspects of the real-time application. The SecureCore, a dedicated core (or set of cores) secured by the hypervisor's virtualization in conjunction with hardware-based protection such as ARM's TrustZone, then runs a detection algorithm over the run-time monitoring data and the profile to find any malicious activity. Upon detection of an intrusion, the SecureCore takes control of the compromised core(s), for example by reloading a clean binary or issuing a reset, so that the system, which implements the Simplex architecture, can continue to operate safely. Dedicating one or more cores to security in this way is a worthwhile trade: although those cores are no longer available to the application, the resulting gain in security offsets the loss in performance. Hence, multicore processors can be used in secure real-time embedded systems to the benefit of the community.

Related Paper

  • Man-Ki Yoon, Sibin Mohan, Jaesik Choi, Jung-Eun Kim, Lui Sha, “SecureCore: A Multicore-based Intrusion Detection Architecture for Real-Time Embedded Systems,” in Proceedings of the 19th IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS 2013), pp. 21-31, Apr. 2013.
