Local-Memory-Based Integrity Checking for Embedded Systems

The Limited Local Memory (LLM) machine architecture is proposed to improve the security on a multi-core processor with a small trusted computing base (TCB). It uses one privileged core´s local memory for executing detection tools to monitor the state of a target OS running on other cores, depending on isolation of the privileged core to ensure the reliability of the detection tools. It has some characteristics fitting embedded systems, such as causing little overhead, a small TCB and requiring minimal modification on the target OS. However, in current research, the LLM architecture was only emulated in QEMU, a virtual machine monitor, and assumed a limited and somehow big space of the local memory that may rarely be equipped on embedded processors. In this paper, we apply this method to a real embedded platform with a LLM-similar hardware configuration, but equipped with a much smaller local memory. Firstly, we propose design details to apply our system to a local memory with such a small size. Then we evaluate the influence that this method would cause to the detection tools and present some hardware recommendations to make the LLM architecture more applicable on real processors. Our research can illustrate the efficiency of the LLM architecture and generalize the application of it for embedded systems by reducing the size requirement on the local memory.