ABSTRACT
The FPGA world recently experienced significant changes with the introduction of new Systems-on-Chip (SoCs) embedding high-end microprocessors and programmable logic on the same integrated circuit. The architecture of these SoCs can be exploited to offer an unprecedented level of monitoring of the memory accesses of running software components, a key element of performance, safety and security analysis. This paper presents the hardware / software implementation of such a memory tracing tool on one of these SoCs. It also proposes example applications in the security field and two attacks --- a pass-phrase retrieval and an access control bypass --- to demonstrate the power of hardware-assisted memory tracing.
- Altera socs: When architecture matters: https://www.altera.com/products/soc/overview.html.Google Scholar
- AXI reference guide: http://www.xilinx.com/support/documentation/ip_documentation/ug761_axi_reference_guide.pdf.Google Scholar
- BusyBox: http://www.busybox.net.Google Scholar
- RAMspeed: http://alasir.com/software/ramspeed.Google Scholar
- Secbus, a hardware / software architecture protecting the external memories of an soc: https://secbus.telecom-paristech.fr/.Google Scholar
- Vivado design suite: http://www.xilinx.com/products/design-tools/vivado.html.Google Scholar
- Xilinx all programmable socs: http://www.xilinx.com/products/silicon-devices/soc.html.Google Scholar
- Zedboard community-based web site: http://zedboard.org/.Google Scholar
- M. Christodorescu and S. Jha. Static analysis of executables to detect malicious patterns. Technical report, DTIC Document, 2006.Google Scholar
- L. H. Crockett, R. A. Elliot, M. A. Enderwitz, and R. W. Stewart. The Zynq Book. Strathclyde Academic Media, Department of Electronic and Electrical Engineering University of Strathclyde Glasgow, Scotland, UK, 1 edition, 7 2014.Google Scholar
- A. Dinaburg, P. Royal, M. Sharif, and W. Lee. Ether: Malware analysis via hardware virtualization extensions. In Proceedings of the 15th ACM Conference on Computer and Communications Security, CCS '08, pages 51--62, New York, NY, USA, 2008. ACM. Google ScholarDigital Library
- A. R. A. Grégio, P. L. de Geus, C. Kruegel, and G. Vigna. Tracking memory writes for malware classification and code reuse identification. In Proceedings of the 9th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA'12, pages 134--143, Berlin, Heidelberg, 2013. Springer-Verlag. Google ScholarDigital Library
- A. Huang. Keeping secrets in hardware: The microsoft xbox™ ; case study. In Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems, CHES '02, pages 213--227, London, UK, UK, 2003. Springer-Verlag. Google ScholarDigital Library
- S. Laing, M. E. Locasto, and J. Aycock. An experience report on extracting and viewing memory events via wireshark. In 8th USENIX Workshop on Offensive Technologies (WOOT 14), San Diego, CA, 2014. USENIX Association. Google ScholarDigital Library
- G. S. Lloyd, K. Y. Cheng, and M. B. Gokhale. Real-time FPGA-based Capture of Memory Traces with Application to Active Memory Emulation. Aug 2014.Google Scholar
- N. Nethercote and J. Seward. Valgrind: A framework for heavyweight dynamic binary instrumentation. In In Proceedings of the 2007 Programming Language Design and Implementation Conference, 2007. Google ScholarDigital Library
- M. Payer, E. Kravina, and T. R. Gross. Lightweight memory tracing. In Presented as part of the 2013 USENIX Annual Technical Conference (USENIX ATC 13), pages 115--126, San Jose, CA, 2013. USENIX. Google ScholarDigital Library
- N. L. Petroni, J. Timothy, F. Jesus, M. William, and A. Arbaugh. Copilot - a coprocessor-based kernel runtime integrity monitor. In In Proceedings of the 13th USENIX Security Symposium, pages 179--194, 2004. Google ScholarDigital Library
- TRustworthy Embedded Systems for Secure Cloud Computing Applications. Secure cloud computing applications secure cloud computing applications (trescca). http://www.trescca.eu/.Google Scholar
- R. P. Weicker. Dhrystone: A synthetic systems programming benchmark. Commun. ACM, 27(10):1013--1030, Oct. 1984. Google ScholarDigital Library
- H. Yin and D. Song. Automatic Malware Analysis: An Emulator Based Approach. Springer Publishing Company, Incorporated, 2012. Google ScholarDigital Library
- H. Yin, D. Song, M. Egele, C. Kruegel, and E. Kirda. Panorama: Capturing system-wide information flow for malware detection and analysis. In Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS '07, pages 116--127, New York, NY, USA, 2007. ACM. Google ScholarDigital Library
Index Terms
- Hardware-assisted Memory Tracing on New SoCs Embedding FPGA Fabrics
Recommendations
Compromising FPGA SoCs using malicious hardware blocks
DATE '17: Proceedings of the Conference on Design, Automation & Test in EuropeModern FPGA System-on-Chips (SoCs) combine high performance application processors with reconfigurable hardware. This allows to enhance complex software systems with reconfigurable hardware accelerators. Unfortunately, even when state-of-the-art ...
Designing secure systems on reconfigurable hardware
The extremely high cost of custom ASIC fabrication makes FPGAs an attractive alternative for deployment of custom hardware. Embedded systems based on reconfigurable hardware integrate many functions onto a single device. Since embedded designers often ...
Synthesizable Standard Cell FPGA Fabrics Targetable by the Verilog-to-Routing CAD Flow
Special Section on Field Programmable Logic and Applications 2015 and Regular PapersIn this article, we consider implementing field-programmable gate arrays (FPGAs) using a standard cell design methodology and present a framework for the automated generation of synthesizable FPGA fabrics. The open-source Verilog-to-Routing (VTR) FPGA ...
Comments