Seminar on Security of Embedded Electronic Systems

Home     Presentation     Previous years

Guillaume Hiet Pascal Cotret

HardBlare, a hardware/software co-design approach for Information Flow Control

One way to increase the security level of computer systems is to rely on both software and hardware mechanisms. In this context, the HardBlare project proposes a software hardware co-design methodology to ensure that security properties are preserved all along the execution of the system but also during file storage. The HardBlare project is a multidisciplinary project between CentraleSupélec IETR SCEE research team, Centrale-Supélec Inria CIDRE research team and UBS Lab-STICC laboratory. Our approach is based on Dynamic Information Flow Tracking (DIFT) that generally consists in attaching marks to denote the type of information that are saved or generated within the system. These marks are then propagated when the system evolves and information flow control is performed in order to guarantee a safe execution and storage within the system.

Existing solutions based on hardware modifications are hardly adopted in industry. This is for a large part due to the cost of these hardware modifications but also to the cost induced by the redevelopment of the whole software stack to be adapted to the specific hardware. To tackle this problem, the HardBlare project builds on top of a standard software and hardware platform. The goal is to make no modification of the main processor core and to implement hardware DIFT in a dedicated coprocessor using FPGA. The main challenge in such approach is to narrow the semantic gap between the main processor and the co-processor. To address this issue, we take profit of ARM CoreSight debug components and static analysis to reduce instrumentation time overhead. We developed an end-to-end system including a dedicated DIFT co-processor on FPGA, a modified Linux kernel with DIFT support for file system and a modified LLVM compiler to perform the static analysis of monitored software.