Securing Embedded Software using Software Dynamic Translation
Abstract
Embedded computer systems have become key building blocks of our nation's vital infrastructure. Critical systems controlled by embedded computer systems include communications systems, transportation and navigation systems, financial systems, medical systems, power distribution systems, and critical defense systems. Failure or compromise of such systems can have significant consequences including disruption of critical service, financial loss, and loss of life. Because critical functionality in embedded systems is increasingly implemented via software, three important research challenges for securing these systems are to provide protection from malicious observation, to make them tamper resistant, and to make them more resilient to unintentional and intentional memory errors in unsafe code that could be used to compromise an embedded system. Unfortunately, securing embedded systems presents several unique challenges not found in typical desktop or enterprise systems. Because of cost and power considerations, the execution environment for embedded software is often resource constrained: CPUs have limited processing power, there is often no memory management unit, and memory space is limited. Furthermore, embedded systems are frequently deployed in the field and must operate in physically insecure environments. In this position paper, we discuss software dynamic translation and its potential for protecting software from malicious observation and tampering. While software dynamic translation can also be used to provide protection from unintentional and intentional memory errors that can be used to compromise an embedded system, even a brief discussion of the needed research and challenges in that area is beyond the scope of this paper.
Document Details
- Document Type: Technical Report
- Publication Date: Feb 01, 2007
- Accession Number: ADP023714
Entities
People
- Jack W. Davidson
- Jason D. Hiser
Organizations
- University of Virginia