HardBlare: an efficient hardware-assisted DIFC for non-modified embedded processors
Pascal Cotret, Guillaume Hiet, Guy Gogniat, Vianney Lapotre

To cite this version:
Pascal Cotret, Guillaume Hiet, Guy Gogniat, Vianney Lapotre. HardBlare: an efficient hardware-assisted DIFC for non-modified embedded processors. CHES 2015 - Workshop on Cryptographic Hardware and Embedded Systems, Sep 2015, Saint-Malo, France. 2015. hal-01252597

Pascal Cotret\(^{\alpha}\), Guillaume Hiet\(^{\beta}\), Guy Gogniat\(^{\gamma}\) and Vianney Lapôtre\(^{\gamma}\)

\(^{\alpha}\) SCEE/IETR, CentraleSupélec, Cesson-Sévigné - FRANCE
\(^{\beta}\) CIDRE/INRIA, CentraleSupélec, Cesson-Sévigné - FRANCE
\(^{\gamma}\) Lab-STICC, University of South Brittany, Lorient - FRANCE

Information Flow Control is a security mechanism that provides guarantees about information propagation. Other security mechanisms such as access control or cryptography can be used to limit the dissemination of confidential information and the modification of high-integrity contents. However, they do not enforce end-to-end properties: they cannot control the dissemination of information once file access is allowed or the data is decrypted. In this context, HardBlare proposes a software/hardware co-design methodology to ensure that security properties are preserved all along the execution of the system and also during file storage. The general context of HardBlare is Dynamic Information Flow Control (DIFC), which generally consists of attaching marks (also known as tags) to denote the type of information that is saved or generated within the system.

DIFC can be achieved at the software level. This coarse-grained monitoring technique attaches labels to information containers such as files, memory pages or IPCs. However, its adoption is limited for two main reasons:

- It is incompatible with existing applications and hardware drivers.
- Its main drawback is that it implies large time overheads (at least \( \times 3 \)).

That is the reason why some approaches rely on a hardware-assisted solution: hardware DIFC consists of modifying existing hardware to accelerate tag propagation and computation. Hardware mechanisms can also be used to protect tags in volatile memory, and they can directly monitor the information flows inside applications that have been compiled into machine code. Some recent works such as [1, 2, 3, 4, 5] have already proposed hardware mechanisms for DIFC. Nevertheless, all these works rely on modifications of the processor running the main application. Kannan et al. [2] propose a solution entirely implemented on an FPGA with a detached coprocessor aiming to speed up the DIFC controls, but they do not address the security of the coprocessor at the hardware level and do not explore all the possibilities offered by FPGAs (partial reconfiguration, multicore use cases and so on).
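The two monitoring granularities discussed above (container-level labels on files and pages versus per-instruction tag propagation in hardware) can be contrasted with a small simulation. The following is an added example, not code from the HardBlare project or any of the cited works: it models a toy register machine whose values carry tags, propagates tags through arithmetic as the union of the operand tags, checks writes to sink containers against a per-sink policy, and then re-runs the same constructed program under a coarse-grained rule where the whole process inherits the tag of any file it reads. The instruction set, addresses, sink names and the "secret" label are all constructed for the illustration.

```python
from dataclasses import dataclass, field

Tag = frozenset  # a tag is a set of labels, e.g. Tag({"secret"}); Tag() is untagged


@dataclass
class Violation:
    pc: int      # index of the offending instruction
    sink: str    # sink container that would have received the data
    tag: Tag     # tag of the data (or of the process, in the coarse model)


@dataclass
class TaggedMachine:
    """Toy register machine with per-value tags (hypothetical ISA, not HardBlare's)."""
    sink_policy: dict                       # sink name -> labels that sink may receive
    regs: dict = field(default_factory=dict)
    mem: dict = field(default_factory=dict)  # addr -> (value, tag)
    violations: list = field(default_factory=list)

    def run(self, program):
        for pc, (op, *args) in enumerate(program):
            if op == "load":          # load rd, addr: value and tag come from memory
                rd, addr = args
                self.regs[rd] = self.mem.get(addr, (0, Tag()))
            elif op == "imm":         # imm rd, value: constants are untagged
                rd, value = args
                self.regs[rd] = (value, Tag())
            elif op == "add":         # add rd, ra, rb: result tag = union of operand tags
                rd, ra, rb = args
                va, ta = self.regs[ra]
                vb, tb = self.regs[rb]
                self.regs[rd] = (va + vb, ta | tb)
            elif op == "store":       # store addr, rs: tag travels with the value
                addr, rs = args
                self.mem[addr] = self.regs[rs]
            elif op == "out":         # out sink, rs: policy check at the sink
                sink, rs = args
                _, tag = self.regs[rs]
                if not tag <= self.sink_policy.get(sink, Tag()):
                    self.violations.append(Violation(pc, sink, tag))
            else:
                raise ValueError(f"unknown op {op}")
        return self.violations


def coarse_grained(program, mem, sink_policy):
    """Container-level monitor: reading a tagged location tags the whole process."""
    process_tag = Tag()
    denied = []
    for pc, (op, *args) in enumerate(program):
        if op == "load":
            _, tag = mem.get(args[1], (0, Tag()))
            process_tag = process_tag | tag
        elif op == "out" and not process_tag <= sink_policy.get(args[0], Tag()):
            denied.append(Violation(pc, args[0], process_tag))
    return denied


# Constructed sample state: one secret word and one public word in memory.
SAMPLE_MEM = {
    0x100: (42, Tag({"secret"})),   # e.g. loaded from a file labelled "secret"
    0x104: (7, Tag()),              # public data
}
# "net" may only receive untagged data; "log_secure" may receive secret data.
SAMPLE_POLICY = {"net": Tag(), "log_secure": Tag({"secret"})}

SAMPLE_PROGRAM = [
    ("load", "r1", 0x100),          # r1 <- secret
    ("load", "r2", 0x104),          # r2 <- public
    ("imm", "r3", 1),
    ("add", "r4", "r2", "r3"),      # public + const -> public
    ("add", "r5", "r1", "r2"),      # secret + public -> secret
    ("out", "net", "r4"),           # fine-grained: allowed
    ("out", "net", "r5"),           # fine-grained: violation (secret reaches "net")
    ("out", "log_secure", "r5"),    # allowed by policy
]


def fine_grained_demo():
    """Per-instruction tracking flags only the write that actually carries secret data."""
    m = TaggedMachine(sink_policy=dict(SAMPLE_POLICY), mem=dict(SAMPLE_MEM))
    return m.run(SAMPLE_PROGRAM)


def coarse_grained_demo():
    """Container-level tracking also denies the public write made after the secret read."""
    return coarse_grained(SAMPLE_PROGRAM, SAMPLE_MEM, SAMPLE_POLICY)


if __name__ == "__main__":
    print("fine-grained violations:", fine_grained_demo())
    print("coarse-grained denials:  ", coarse_grained_demo())
```

Running both models on the same program shows the trade-off the text alludes to: the coarse-grained monitor denies both writes to `net` once the process has touched the secret file, including the write of purely public data, whereas per-value propagation denies only the write whose tag actually contains `secret`. The tag rules here (union on arithmetic, subset check at the sink) are the usual DIFC lattice operations and are not a description of HardBlare's own tag encoding or policy language.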

From a practical point of view, security solutions based on hardware and software modifications are rarely adopted. This is largely due to the cost of the hardware modifications, but also to the cost induced by redeveloping the whole software stack to fit this specific hardware. HardBlare tackles these issues by combining a non-modified processor core with the use of a standard existing OS (such as Linux). This work presents an analysis of the main hardware-assisted DIFC approaches and the improvements brought by HardBlare. Furthermore, it presents new directions in the context of DIFC and first results and perspectives for HardBlare mechanisms implemented on a Zynq SoC combining an ARM Cortex-A9 (ARMv7 architecture) with FPGA fabric.

Contact: pascal.cotret@centralesupelec.fr, +33(0)2.99.84.45.77
References


