Ensuring secure program execution in multiprocessor embedded systems: A case study

Multiprocessor SoCs are increasingly deployed in embedded systems with little or no security features built in. Code Injection attacks are one of the most commonly encountered security threats. Most solutions to this problem in the single processor domain are purely software based and have high overheads. A few hardware solutions have been provided for the single processor case, which significantly reduce overheads. In this paper, for the first time, we propose a methodology addressing code injection attacks in a multiprocessor domain. A dedicated security (monitor) processor is used to oversee the application at runtime. Each processor communicates with the monitor processor through a FIFO queue, and is continuously checked. Static analysis of program map and timing profile are used to obtain program information at compile time, which is utilized by the monitor processor at runtime. This information is encrypted using a secure key and stored in the monitor processor. A copy of this secure key is built into the processor´s hardware and is used for decryption by the monitor processor. Each basic block of the program is also instrumented with security information that uniquely identifies itself at runtime. The information from static analysis thus allows the monitor processor to supervise the proceedings on each processor at runtime. Our approach uses a combination of hardware and software techniques to keep overheads to a minimum. We implemented our methodology on a commercial extensible processor (Xtensa LX). Our approach successfully detects the execution of injected code when tested on a JPEG multiprocessor benchmark. The results show a small increase of 6.6% in application processors´ runtime (clock cycle count) and 35.2% in code size for the JPEG encoder benchmark.