A Novel Approach for a Hardware-based Secure Process Isolation in an Embedded System

Malipatlolla, Sunil
International Symposium on Security in Computing and Communications (SSCC 2013)
Secure communication between two entities of a system is a prerequisite for the trustworthiness of the system as a whole. Consider, for example, an embedded system inside an automobile in which two Electronic Control Units (ECUs) attached to a bus communicate with each other. Such a system is reasonably secure against attacks by one ECU on the other, because the two ECUs, and thus the tasks executing on them, are physically separated by design. This is no longer the case when two tasks, one of them safety- or security-critical, execute in parallel on the same ECU: a shared resource such as the local memory gives the tasks an opportunity to influence each other. The goal of this contribution is therefore to establish a secure isolation between such tasks that prevents unauthorized communication and thereby builds a trusted embedded system. Approaches addressing this issue exist in the literature, for example based on virtualization technology, but they are either purely software-based or not suitable for embedded systems. In contrast, the approach proposed here is not only hardware-based, and hence harder to subvert than a purely software mechanism, but also lightweight in its design. Specifically, it utilizes a security module with a minimal set of Trusted Computing (TC) features, tailored to the needs of a resource-constrained embedded system. Additionally, a proof-of-concept implementation of the proposed approach is presented to illustrate the feasibility of the design.
ARAMiS – Automotive, Railway and Avionic Multicore System