Bridge: A Leak-Free Hardware-Software Architecture for Parallel Embedded Systems

Gongqi Huang; Leon Schuermann; Amit Levy

doi:10.1145/3698576.3698765

Bridge: A Leak-Free Hardware-Software Architecture for Parallel Embedded Systems

Gongqi Huang, Leon Schuermann, Amit Levy

Princeton University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Embedded and Internet of Things (IoT) devices are increasingly ubiquitous and process increasingly sensitive data. As a result, such devices must uphold security in addition to functional safety to avoid unintended information leaks. To react this change of environment, developers deploy conventional mechanisms such as memory isolation and priority scheduling to achieve aforementioned goals. While such techniques are resilient against attacks that endanger a device’s functional safety, they are less effective in maintaining security as they ignore information leaks through timing channels, such as through scheduling policy and implicit microarchitectural state. Recent advances in timing-safe systems, in turn, limit themselves to time-shared systems without parallelism. This is problematic in the face of responsiveness and real-time constraints which are often found in embedded devices. This paper explores timing-safety in the space of parallel systems. We introduce Bridge, a new system architecture featuring multiple tasks with different security concerns that can execute in parallel without leaking information due to timing interference.

Original language	American English
Title of host publication	KISV 2024 - Proceedings of the 2nd Workshop on Kernel Isolation, Safety and Verification
Publisher	Association for Computing Machinery, Inc
Pages	16-22
Number of pages	7
ISBN (Electronic)	9798400713019
DOIs	https://doi.org/10.1145/3698576.3698765
State	Published - Nov 4 2024
Event	2nd Workshop on Kernel Isolation, Safety and Verification, KISV 2024 - Austin, United States Duration: Nov 3 2024 → Nov 3 2024

Publication series

Name	KISV 2024 - Proceedings of the 2nd Workshop on Kernel Isolation, Safety and Verification

Conference

Conference	2nd Workshop on Kernel Isolation, Safety and Verification, KISV 2024
Country/Territory	United States
City	Austin
Period	11/3/24 → 11/3/24

ASJC Scopus subject areas

Computer Networks and Communications

Access to Document

10.1145/3698576.3698765

Cite this

Huang, G., Schuermann, L., & Levy, A. (2024). Bridge: A Leak-Free Hardware-Software Architecture for Parallel Embedded Systems. In KISV 2024 - Proceedings of the 2nd Workshop on Kernel Isolation, Safety and Verification (pp. 16-22). (KISV 2024 - Proceedings of the 2nd Workshop on Kernel Isolation, Safety and Verification). Association for Computing Machinery, Inc. https://doi.org/10.1145/3698576.3698765

Huang, Gongqi ; Schuermann, Leon ; Levy, Amit. / Bridge : A Leak-Free Hardware-Software Architecture for Parallel Embedded Systems. KISV 2024 - Proceedings of the 2nd Workshop on Kernel Isolation, Safety and Verification. Association for Computing Machinery, Inc, 2024. pp. 16-22 (KISV 2024 - Proceedings of the 2nd Workshop on Kernel Isolation, Safety and Verification).

@inproceedings{3d8dbf9e194a425f8a8c5ba18e6265bc,

title = "Bridge: A Leak-Free Hardware-Software Architecture for Parallel Embedded Systems",

abstract = "Embedded and Internet of Things (IoT) devices are increasingly ubiquitous and process increasingly sensitive data. As a result, such devices must uphold security in addition to functional safety to avoid unintended information leaks. To react this change of environment, developers deploy conventional mechanisms such as memory isolation and priority scheduling to achieve aforementioned goals. While such techniques are resilient against attacks that endanger a device{\textquoteright}s functional safety, they are less effective in maintaining security as they ignore information leaks through timing channels, such as through scheduling policy and implicit microarchitectural state. Recent advances in timing-safe systems, in turn, limit themselves to time-shared systems without parallelism. This is problematic in the face of responsiveness and real-time constraints which are often found in embedded devices. This paper explores timing-safety in the space of parallel systems. We introduce Bridge, a new system architecture featuring multiple tasks with different security concerns that can execute in parallel without leaking information due to timing interference.",

author = "Gongqi Huang and Leon Schuermann and Amit Levy",

note = "Publisher Copyright: {\textcopyright} 2024 Copyright held by the owner/author(s).; 2nd Workshop on Kernel Isolation, Safety and Verification, KISV 2024 ; Conference date: 03-11-2024 Through 03-11-2024",

year = "2024",

month = nov,

day = "4",

doi = "10.1145/3698576.3698765",

language = "American English",

series = "KISV 2024 - Proceedings of the 2nd Workshop on Kernel Isolation, Safety and Verification",

publisher = "Association for Computing Machinery, Inc",

pages = "16--22",

booktitle = "KISV 2024 - Proceedings of the 2nd Workshop on Kernel Isolation, Safety and Verification",

}

Huang, G, Schuermann, L & Levy, A 2024, Bridge: A Leak-Free Hardware-Software Architecture for Parallel Embedded Systems. in KISV 2024 - Proceedings of the 2nd Workshop on Kernel Isolation, Safety and Verification. KISV 2024 - Proceedings of the 2nd Workshop on Kernel Isolation, Safety and Verification, Association for Computing Machinery, Inc, pp. 16-22, 2nd Workshop on Kernel Isolation, Safety and Verification, KISV 2024, Austin, United States, 11/3/24. https://doi.org/10.1145/3698576.3698765

Bridge: A Leak-Free Hardware-Software Architecture for Parallel Embedded Systems. / Huang, Gongqi; Schuermann, Leon; Levy, Amit.
KISV 2024 - Proceedings of the 2nd Workshop on Kernel Isolation, Safety and Verification. Association for Computing Machinery, Inc, 2024. p. 16-22 (KISV 2024 - Proceedings of the 2nd Workshop on Kernel Isolation, Safety and Verification).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Bridge

T2 - 2nd Workshop on Kernel Isolation, Safety and Verification, KISV 2024

AU - Huang, Gongqi

AU - Schuermann, Leon

AU - Levy, Amit

PY - 2024/11/4

Y1 - 2024/11/4

N2 - Embedded and Internet of Things (IoT) devices are increasingly ubiquitous and process increasingly sensitive data. As a result, such devices must uphold security in addition to functional safety to avoid unintended information leaks. To react this change of environment, developers deploy conventional mechanisms such as memory isolation and priority scheduling to achieve aforementioned goals. While such techniques are resilient against attacks that endanger a device’s functional safety, they are less effective in maintaining security as they ignore information leaks through timing channels, such as through scheduling policy and implicit microarchitectural state. Recent advances in timing-safe systems, in turn, limit themselves to time-shared systems without parallelism. This is problematic in the face of responsiveness and real-time constraints which are often found in embedded devices. This paper explores timing-safety in the space of parallel systems. We introduce Bridge, a new system architecture featuring multiple tasks with different security concerns that can execute in parallel without leaking information due to timing interference.

AB - Embedded and Internet of Things (IoT) devices are increasingly ubiquitous and process increasingly sensitive data. As a result, such devices must uphold security in addition to functional safety to avoid unintended information leaks. To react this change of environment, developers deploy conventional mechanisms such as memory isolation and priority scheduling to achieve aforementioned goals. While such techniques are resilient against attacks that endanger a device’s functional safety, they are less effective in maintaining security as they ignore information leaks through timing channels, such as through scheduling policy and implicit microarchitectural state. Recent advances in timing-safe systems, in turn, limit themselves to time-shared systems without parallelism. This is problematic in the face of responsiveness and real-time constraints which are often found in embedded devices. This paper explores timing-safety in the space of parallel systems. We introduce Bridge, a new system architecture featuring multiple tasks with different security concerns that can execute in parallel without leaking information due to timing interference.

UR - http://www.scopus.com/inward/record.url?scp=85212184688&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85212184688&partnerID=8YFLogxK

U2 - 10.1145/3698576.3698765

DO - 10.1145/3698576.3698765

M3 - Conference contribution

T3 - KISV 2024 - Proceedings of the 2nd Workshop on Kernel Isolation, Safety and Verification

SP - 16

EP - 22

BT - KISV 2024 - Proceedings of the 2nd Workshop on Kernel Isolation, Safety and Verification

PB - Association for Computing Machinery, Inc

Y2 - 3 November 2024 through 3 November 2024

ER -

Huang G, Schuermann L, Levy A. Bridge: A Leak-Free Hardware-Software Architecture for Parallel Embedded Systems. In KISV 2024 - Proceedings of the 2nd Workshop on Kernel Isolation, Safety and Verification. Association for Computing Machinery, Inc. 2024. p. 16-22. (KISV 2024 - Proceedings of the 2nd Workshop on Kernel Isolation, Safety and Verification). doi: 10.1145/3698576.3698765

Bridge: A Leak-Free Hardware-Software Architecture for Parallel Embedded Systems

Abstract

Publication series

Conference

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this