Implementing an ISR defense on a MIPS architecture

TítuloImplementing an ISR defense on a MIPS architecture
Tipo de publicaciónConference Paper
Year of Publication2017
AutoresSancho, LS, Barrantes, EG
Conference Name2017 XLIII Latin American Computer Conference (CLEI)
Date Published09/2017
Conference LocationCórdoba., Argentina
ISBN Number978-1-5386-3057-0
Palabras clavecode injection attacks, complex memory management, cryptography, embedded system, embedded systems, Encryption, encryption circuits, Hardware, Instruction Set Randomization, instruction sets, integrated circuit design, integrated circuit testing, Internet of Things devices ecosystem, IoT, ISR, ISR defense, microprocessor chips, microprocessor without interlocked pipeline stages, MIPS processor, Pipelines, security of data, Silicon compounds, synthetic code injection attacks, XOR encryption

Code injection attacks are an undeniable threat in today's cyberworld. Instruction Set Randomization (ISR) was initially proposed in 2003. This technique was designed to protect systems against code injection attacks by creating an unique instruction set for each machine, thanks to randomization. It is a promising technique in the growing embedded system and Internet of Things (IoT) devices ecosystem, where the lack of complex memory management make these devices more vulnerable. However, most of ISR implementations up to day are entirely software based. In this work, we implement hardware support for an ISR defense on an 32 bits, 5 pipeline stages MIPS processor (which is an embedded system compatible architecture). Two obfuscation schemes were implemented, one based on XOR encryption and the other on transposition. The hardware implementation was tested under synthetic code injection attacks and results shows the effectiveness of the defense using both encryption circuits.