CISPA
Browse
- No file added yet -

Work-in-Progress: Northcape: Embedded Real-Time Capability-Based Addressing

Download (239.23 kB)
conference contribution
posted on 2024-09-02, 11:29 authored by Eric AckermannEric Ackermann, Noah MautheNoah Mauthe, Sven BugielSven Bugiel
Direct Memory Access (DMA) increases throughput and efficiency of transfers between I/O devices and the main memory. Therein, it raises a critical security issue: How can the computer architecture enforce that devices only read from and write to the intended I/O buffers? Within the scope of this ongoing research project, we improve existing solutions to this problem by providing a byte-granular memory protection mechanism that is enforced universally for both software and hardware. Additional design goals of the prototype are compatibility with unmodified legacy devices (with full security) and operating systems (without security advantage). We target embedded real-time devices, whose architecture is particularly vulnerable to DMA attacks. Northcape, our proposed system, uses a capability-based memory protection mechanism with byte granularity. In contrast to existing protection systems, access control is implemented at the bus level in the northbridge. Thereby, the protection applies to the CPU, any accelerators and DMA peripherals in the system and protects system memory and memory-mapped I/O peripherals. Our pointer tagging-based implementation ensures compatibility with legacy 64-bit addressing schemes and an unmodified AXI system bus.

History

Primary Research Area

  • Secure Connected and Mobile Systems

Name of Conference

Workshop on Operating Systems and Virtualization Security (OSVS)

BibTeX

@conference{Ackermann:Mauthe:Bugiel:2024, title = "Work-in-Progress: Northcape: Embedded Real-Time Capability-Based Addressing", author = "Ackermann, Eric" AND "Mauthe, Noah" AND "Bugiel, Sven", year = 2024, month = 7 }

Usage metrics

    Categories

    No categories selected

    Licence

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC