Implementing an ISR defense on a MIPS architecture

Tipo de publicación: Conference Paper

Publicado en: 2017 XLIII Latin American Computer Conference (CLEI)

  • L. S. Sancho
  • E. G. Barrantes

Investigadores del CITIC asociados a la publicación
Dra. E. Gabriela Barrantes Sliesarieva

Proyecto asociado a la publicación
Proyecto sombrilla

Palabras claves
  • code injection attacks
  • complex memory management
  • cryptography
  • embedded system
  • embedded systems
  • Encryption
  • encryption circuits
  • Hardware
  • Instruction Set Randomization
  • instruction sets
  • integrated circuit design
  • integrated circuit testing
  • Internet of Things devices ecosystem
  • IoT
  • ISR
  • ISR defense
  • microprocessor chips
  • microprocessor without interlocked pipeline stages
  • MIPS processor
  • Pipelines
  • security of data
  • Silicon compounds
  • synthetic code injection attacks
  • XOR encryption

Code injection attacks are an undeniable threat in today's cyberworld. Instruction Set Randomization (ISR) was initially proposed in 2003. This technique was designed to protect systems against code injection attacks by creating an unique instruction set for each machine, thanks to randomization. It is a promising technique in the growing embedded system and Internet of Things (IoT) devices ecosystem, where the lack of complex memory management make these devices more vulnerable. However, most of ISR implementations up to day are entirely software based. In this work, we implement hardware support for an ISR defense on an 32 bits, 5 pipeline stages MIPS processor (which is an embedded system compatible architecture). Two obfuscation schemes were implemented, one based on XOR encryption and the other on transposition. The hardware implementation was tested under synthetic code injection attacks and results shows the effectiveness of the defense using both encryption circuits.


Datos bibliográficos
Cita bibliográfica
Implementing an ISR defense on a MIPS architecture