TOWARDS A SECURE ADDRESS SPACE SEPARATION FOR LOW POWER SENSOR NODES

Oliver Stecklina, Peter Langendörfer, Hannes Menzel

2011

Abstract

Wireless sensor networks are increasingly considered for use in real-world systems such as automation control, critical infrastructure protection and the like. Once they go wireless, these systems can no longer be protected by fences and walls, so the security of all their components must be taken into account. In this paper we discuss two alternatives for implementing isolation on a Micro Controller Unit (MCU). The first is a pure software solution, i.e. a hypervisor, which comes with a reasonable performance penalty when applied to 16-bit RISC processor cores such as the TI MSP430. Since it is a pure software solution, it can be applied to existing MCUs without any hardware modification. Our second approach is a Memory Protection Unit (MPU) realized in hardware, which is placed between the processing core and the resources of the sensor node. In particular, the MPU supports fine-grained isolation of the sensor node software and further reduces the performance penalty compared to the pure software solution.



Paper Citation


in Harvard Style

Stecklina O., Langendörfer P. and Menzel H. (2011). TOWARDS A SECURE ADDRESS SPACE SEPARATION FOR LOW POWER SENSOR NODES. In Proceedings of the 1st International Conference on Pervasive and Embedded Computing and Communication Systems - Volume 1: PECCS, ISBN 978-989-8425-48-5, pages 512-517. DOI: 10.5220/0003364505120517


in Bibtex Style

@conference{peccs11,
author={Oliver Stecklina and Peter Langendörfer and Hannes Menzel},
title={TOWARDS A SECURE ADDRESS SPACE SEPARATION FOR LOW POWER SENSOR NODES},
booktitle={Proceedings of the 1st International Conference on Pervasive and Embedded Computing and Communication Systems - Volume 1: PECCS},
year={2011},
pages={512-517},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003364505120517},
isbn={978-989-8425-48-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 1st International Conference on Pervasive and Embedded Computing and Communication Systems - Volume 1: PECCS
TI - TOWARDS A SECURE ADDRESS SPACE SEPARATION FOR LOW POWER SENSOR NODES
SN - 978-989-8425-48-5
AU - Stecklina O.
AU - Langendörfer P.
AU - Menzel H.
PY - 2011
SP - 512
EP - 517
DO - 10.5220/0003364505120517