Securing Real-Time Microcontroller Systems through Customized Memory View Switching
Proceedings of the 25th Network and Distributed System Security Symposium (NDSS) 2018.
Program Analysis, Operating Systems, Cyber-Physical Systems, Security
Real-time microcontrollers have been widely adopted in cyber-physical systems that require both real-time and security guarantees. Unfortunately, security is sometimes traded for real-time performance in such systems. Notably, memory isolation, one of the most established security features in modern computer systems, is typically not available in many real-time microcontroller systems because of its performance cost and its interference with real-time constraints. As a result, the memory space of these systems forms one open, monolithic attack surface: a single compromised component can reach every region of memory and subvert the entire system. In this paper, we present Minion, a security architecture that virtually partitions the memory space of a real-time microcontroller and enforces memory access control on it. Minion automatically identifies the memory regions reachable by each real-time process through off-line static analysis of the system's firmware, and enforces run-time memory access control in hardware by switching the active memory view on every process switch. Our evaluation shows that, by significantly reducing the memory each process can access, Minion effectively protects a microcontroller from attacks that were previously viable. In addition, unlike conventional memory isolation mechanisms that can incur substantial performance overhead, the lightweight design of Minion preserves the real-time properties of the microcontroller.
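The two halves of the approach the abstract describes, an off-line reachability analysis that derives a per-process memory view from the firmware and a run-time switch that loads that view whenever the scheduler changes process, can be illustrated in a few dozen lines. The following is an added example written for this page, not Minion's code or anything from the paper's artifact: the firmware (function ids, call graph, the regions each function touches), the memory map addresses, and the `compute_view`, `switch_to` and `access_allowed` names are all constructed for the illustration, and the hardware enforcement (MPU region programming on a real microcontroller) is modelled by a bitmask check so that it runs on a desktop.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed firmware model: function ids, call graph and the data/peripheral
 * regions each function touches directly. None of this is Minion's code. */
enum { F_SENSOR_TASK, F_READ_ADC, F_FILTER, F_MOTOR_TASK, F_SET_PWM, F_LOG, NFUNC };
enum { R_ADC_REGS, R_SAMPLES, R_PWM_REGS, R_LOG_BUF, R_UART_REGS, NREGION };

struct region { uint32_t base, size; const char *name; };

/* Hypothetical memory map (addresses invented for the example). */
static const struct region regions[NREGION] = {
    [R_ADC_REGS]  = { 0x40012000u, 0x400u, "ADC registers"  },
    [R_SAMPLES]   = { 0x20000000u, 0x100u, "sample buffer"  },
    [R_PWM_REGS]  = { 0x40010000u, 0x400u, "PWM registers"  },
    [R_LOG_BUF]   = { 0x20000100u, 0x200u, "log buffer"     },
    [R_UART_REGS] = { 0x40013800u, 0x400u, "UART registers" },
};

/* calls[f][g] != 0 means f may call g (direct calls only in this toy;
 * a real analysis must also resolve indirect calls and pointer targets). */
static const uint8_t calls[NFUNC][NFUNC] = {
    [F_SENSOR_TASK] = { [F_READ_ADC] = 1, [F_FILTER] = 1 },
    [F_MOTOR_TASK]  = { [F_SET_PWM] = 1, [F_LOG] = 1 },
};

/* touches[f][r] != 0 means f itself reads or writes region r. */
static const uint8_t touches[NFUNC][NREGION] = {
    [F_READ_ADC] = { [R_ADC_REGS] = 1, [R_SAMPLES] = 1 },
    [F_FILTER]   = { [R_SAMPLES] = 1 },
    [F_SET_PWM]  = { [R_PWM_REGS] = 1 },
    [F_LOG]      = { [R_LOG_BUF] = 1, [R_UART_REGS] = 1 },
};

/* A memory view is the set of regions a process may touch, as a bitmask. */
typedef uint32_t view_t;

/* Off-line step: walk the call graph from a process's entry function and
 * union the regions that reachable code touches. This is the reachability
 * analysis the abstract describes, reduced to a DFS over explicit tables. */
view_t compute_view(int entry)
{
    bool visited[NFUNC] = { false };
    int stack[NFUNC], sp = 0;
    view_t view = 0;

    stack[sp++] = entry;
    visited[entry] = true;
    while (sp > 0) {
        int f = stack[--sp];
        for (int r = 0; r < NREGION; r++)
            if (touches[f][r]) view |= 1u << r;
        for (int g = 0; g < NFUNC; g++)
            if (calls[f][g] && !visited[g]) { visited[g] = true; stack[sp++] = g; }
    }
    return view;
}

/* Number of regions a view exposes (popcount), to quantify the reduction
 * from the monolithic "everything reachable" baseline of NREGION. */
int view_region_count(view_t v) { int n = 0; for (; v; v &= v - 1) n++; return n; }

/* Run-time step: the scheduler loads the incoming process's view on every
 * context switch, and every access is checked against the loaded view.
 * The hardware is modelled by a global and a lookup; on a real MCU this
 * would be MPU region programming. */
static view_t current_view;

void switch_to(view_t v) { current_view = v; }

/* True if [addr, addr+len) lies entirely inside one region the current
 * view permits. Addresses outside every region are denied, as is any
 * access that straddles a region boundary (the check is overflow-safe). */
bool access_allowed(uint32_t addr, uint32_t len)
{
    for (int r = 0; r < NREGION; r++) {
        const struct region *rg = &regions[r];
        if (addr >= rg->base && addr - rg->base < rg->size &&
            len <= rg->size - (addr - rg->base))
            return (current_view >> r) & 1u;
    }
    return false;
}

int main(void)
{
    view_t sensor = compute_view(F_SENSOR_TASK), motor = compute_view(F_MOTOR_TASK);
    printf("sensor task: %d of %d regions, motor task: %d of %d regions\n",
           view_region_count(sensor), NREGION, view_region_count(motor), NREGION);

    switch_to(sensor);                       /* context switch to the sensor task */
    printf("sensor reads ADC:  %s\n", access_allowed(0x40012008u, 4) ? "allowed" : "denied");
    /* A compromised sensor task trying to drive the motor is outside its view. */
    printf("sensor writes PWM: %s\n", access_allowed(0x40010000u, 4) ? "allowed" : "denied");
    return 0;
}
```

The point the example makes is the one in the abstract: with a single flat address space, a memory-safety bug in the sensor task reaches the PWM registers; with per-process views computed ahead of time and swapped in at every context switch, the same bug is confined to the two regions the sensor code can legitimately reach. The caveat a practitioner should keep in mind is that the view is only as complete as the reachability analysis: a region the firmware touches through an unresolved function pointer or a computed address would be missing from the view and the process would fault on a legitimate access, so real analyses must handle those cases conservatively.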