Abstract
Low-end embedded devices and the Internet of Things (IoT) are becoming increasingly important for our lives. They are being used in domains such as infrastructure management, and medical and healthcare systems, where business interests and our security and privacy are at stake. Yet, security mechanisms have been appallingly neglected on many IoT platforms. In this paper we present a secure access control mechanism for extremely lightweight embedded microcontrollers. Being based on Sancus, a hardware-only Trusted Computing Base and Protected Module Architecture for the embedded domain, our mechanism allows for multiple software modules on an IoT-node to securely share resources. We implement and evaluate our approach for two application scenarios, a shared memory system and a shared flash drive. Our implementation is based on a Sancus-enabled TI MSP430 microcontroller. We show that our mechanism can give high security guarantees at small runtime overheads and a moderately increased size of the Trusted Computing Base.
Copyright information
© 2015 IFIP International Federation for Information Processing
About this paper
Cite this paper
Van Bulck, J., Noorman, J., Mühlberg, J.T., Piessens, F. (2015). Secure Resource Sharing for Embedded Protected Module Architectures. In: Akram, R., Jajodia, S. (eds) Information Security Theory and Practice. WISTP 2015. Lecture Notes in Computer Science, vol 9311. Springer, Cham. https://doi.org/10.1007/978-3-319-24018-3_5
DOI: https://doi.org/10.1007/978-3-319-24018-3_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-24017-6
Online ISBN: 978-3-319-24018-3
eBook Packages: Computer Science (R0)