research-article

Hardware-assisted Memory Tracing on New SoCs Embedding FPGA Fabrics

Authors:

Renaud PacaletAuthors Info & Claims

ACSAC '15: Proceedings of the 31st Annual Computer Security Applications Conference

Pages 461 - 470

https://doi.org/10.1145/2818000.2818030

Published: 07 December 2015 Publication History

Abstract

The FPGA world recently experienced significant changes with the introduction of new Systems-on-Chip (SoCs) embedding high-end microprocessors and programmable logic on the same integrated circuit. The architecture of these SoCs can be exploited to offer an unprecedented level of monitoring of the memory accesses of running software components, a key element of performance, safety and security analysis. This paper presents the hardware / software implementation of such a memory tracing tool on one of these SoCs. It also proposes example applications in the security field and two attacks --- a pass-phrase retrieval and an access control bypass --- to demonstrate the power of hardware-assisted memory tracing.

References

[1]

Altera socs: When architecture matters: https://www.altera.com/products/soc/overview.html.

[2]

AXI reference guide: http://www.xilinx.com/support/documentation/ip_documentation/ug761_axi_reference_guide.pdf.

[3]

BusyBox: http://www.busybox.net.

[4]

RAMspeed: http://alasir.com/software/ramspeed.

[5]

Secbus, a hardware / software architecture protecting the external memories of an soc: https://secbus.telecom-paristech.fr/.

[6]

Vivado design suite: http://www.xilinx.com/products/design-tools/vivado.html.

[7]

Xilinx all programmable socs: http://www.xilinx.com/products/silicon-devices/soc.html.

[8]

Zedboard community-based web site: http://zedboard.org/.

[9]

M. Christodorescu and S. Jha. Static analysis of executables to detect malicious patterns. Technical report, DTIC Document, 2006.

[10]

L. H. Crockett, R. A. Elliot, M. A. Enderwitz, and R. W. Stewart. The Zynq Book. Strathclyde Academic Media, Department of Electronic and Electrical Engineering University of Strathclyde Glasgow, Scotland, UK, 1 edition, 7 2014.

[11]

A. Dinaburg, P. Royal, M. Sharif, and W. Lee. Ether: Malware analysis via hardware virtualization extensions. In Proceedings of the 15th ACM Conference on Computer and Communications Security, CCS '08, pages 51--62, New York, NY, USA, 2008. ACM.

Digital Library

[12]

A. R. A. Grégio, P. L. de Geus, C. Kruegel, and G. Vigna. Tracking memory writes for malware classification and code reuse identification. In Proceedings of the 9th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA'12, pages 134--143, Berlin, Heidelberg, 2013. Springer-Verlag.

Digital Library

[13]

A. Huang. Keeping secrets in hardware: The microsoft xbox™ ; case study. In Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems, CHES '02, pages 213--227, London, UK, UK, 2003. Springer-Verlag.

Digital Library

[14]

S. Laing, M. E. Locasto, and J. Aycock. An experience report on extracting and viewing memory events via wireshark. In 8th USENIX Workshop on Offensive Technologies (WOOT 14), San Diego, CA, 2014. USENIX Association.

Digital Library

[15]

G. S. Lloyd, K. Y. Cheng, and M. B. Gokhale. Real-time FPGA-based Capture of Memory Traces with Application to Active Memory Emulation. Aug 2014.

[16]

N. Nethercote and J. Seward. Valgrind: A framework for heavyweight dynamic binary instrumentation. In In Proceedings of the 2007 Programming Language Design and Implementation Conference, 2007.

Digital Library

[17]

M. Payer, E. Kravina, and T. R. Gross. Lightweight memory tracing. In Presented as part of the 2013 USENIX Annual Technical Conference (USENIX ATC 13), pages 115--126, San Jose, CA, 2013. USENIX.

Digital Library

[18]

N. L. Petroni, J. Timothy, F. Jesus, M. William, and A. Arbaugh. Copilot - a coprocessor-based kernel runtime integrity monitor. In In Proceedings of the 13th USENIX Security Symposium, pages 179--194, 2004.

Digital Library

[19]

TRustworthy Embedded Systems for Secure Cloud Computing Applications. Secure cloud computing applications secure cloud computing applications (trescca). http://www.trescca.eu/.

[20]

R. P. Weicker. Dhrystone: A synthetic systems programming benchmark. Commun. ACM, 27(10):1013--1030, Oct. 1984.

Digital Library

[21]

H. Yin and D. Song. Automatic Malware Analysis: An Emulator Based Approach. Springer Publishing Company, Incorporated, 2012.

Digital Library

[22]

H. Yin, D. Song, M. Egele, C. Kruegel, and E. Kirda. Panorama: Capturing system-wide information flow for malware detection and analysis. In Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS '07, pages 116--127, New York, NY, USA, 2007. ACM.

Digital Library

Cited By

Nappa AÚbeda-Portugués APapadopoulos PVarvello MTapiador JLanzi A(2022)Scramblesuit: An effective timing side-channels framework for malware sandbox evasion1Journal of Computer Security10.3233/JCS-22000530:6(851-876)Online publication date: 23-Nov-2022
https://doi.org/10.3233/JCS-220005
Gross MJacob NZankl ASigl G(2021)Breaking TrustZone memory isolation and secure boot through malicious hardware on a modern FPGA-SoCJournal of Cryptographic Engineering10.1007/s13389-021-00273-812:2(181-196)Online publication date: 15-Sep-2021
https://doi.org/10.1007/s13389-021-00273-8
Nappa APapadopoulos PVarvello MGomez DTapiador JLanzi A(2021)PoW-How: An Enduring Timing Side-Channel to Evade Online Malware SandboxesComputer Security – ESORICS 202110.1007/978-3-030-88418-5_5(86-109)Online publication date: 4-Oct-2021
https://dl.acm.org/doi/10.1007/978-3-030-88418-5_5
Show More Cited By

Index Terms

Hardware-assisted Memory Tracing on New SoCs Embedding FPGA Fabrics

Recommendations

Compromising FPGA SoCs using malicious hardware blocks
DATE '17: Proceedings of the Conference on Design, Automation & Test in Europe

Modern FPGA System-on-Chips (SoCs) combine high performance application processors with reconfigurable hardware. This allows to enhance complex software systems with reconfigurable hardware accelerators. Unfortunately, even when state-of-the-art ...
Synthesizable Standard Cell FPGA Fabrics Targetable by the Verilog-to-Routing CAD Flow
Special Section on Field Programmable Logic and Applications 2015 and Regular Papers

In this article, we consider implementing field-programmable gate arrays (FPGAs) using a standard cell design methodology and present a framework for the automated generation of synthesizable FPGA fabrics. The open-source Verilog-to-Routing (VTR) FPGA ...
Designing secure systems on reconfigurable hardware

The extremely high cost of custom ASIC fabrication makes FPGAs an attractive alternative for deployment of custom hardware. Embedded systems based on reconfigurable hardware integrate many functions onto a single device. Since embedded designers often ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

ACSAC '15: Proceedings of the 31st Annual Computer Security Applications Conference

December 2015

489 pages

ISBN:9781450336826

DOI:10.1145/2818000

Copyright © 2015 ACM.

Publication rights licensed to ACM. ACM acknowledges that this contribution was authored or co-authored by an employee, contractor or affiliate of a national government. As such, the Government retains a nonexclusive, royalty-free right to publish or reproduce this article, or to allow others to do so, for Government purposes only.

In-Cooperation

ACSA: Applied Computing Security Assoc

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 December 2015

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

ACSAC 2015

ACSAC 2015: 2015 Annual Computer Security Applications Conference

December 7 - 11, 2015

CA, Los Angeles, USA

Acceptance Rates

Overall Acceptance Rate 104 of 497 submissions, 21%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

7
Total Citations
View Citations
262
Total Downloads

Downloads (Last 12 months)25
Downloads (Last 6 weeks)5

Reflects downloads up to 03 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Nappa AÚbeda-Portugués APapadopoulos PVarvello MTapiador JLanzi A(2022)Scramblesuit: An effective timing side-channels framework for malware sandbox evasion1Journal of Computer Security10.3233/JCS-22000530:6(851-876)Online publication date: 23-Nov-2022
https://doi.org/10.3233/JCS-220005
Gross MJacob NZankl ASigl G(2021)Breaking TrustZone memory isolation and secure boot through malicious hardware on a modern FPGA-SoCJournal of Cryptographic Engineering10.1007/s13389-021-00273-812:2(181-196)Online publication date: 15-Sep-2021
https://doi.org/10.1007/s13389-021-00273-8
Nappa APapadopoulos PVarvello MGomez DTapiador JLanzi A(2021)PoW-How: An Enduring Timing Side-Channel to Evade Online Malware SandboxesComputer Security – ESORICS 202110.1007/978-3-030-88418-5_5(86-109)Online publication date: 4-Oct-2021
https://dl.acm.org/doi/10.1007/978-3-030-88418-5_5
Noll STeubner JMay NBöhm APorobic DNeumann T(2020)Analyzing memory accesses with modern processorsProceedings of the 16th International Workshop on Data Management on New Hardware10.1145/3399666.3399896(1-9)Online publication date: 15-Jun-2020
https://dl.acm.org/doi/10.1145/3399666.3399896
Gross MJacob NZankl ASigl GHong Chang CRührmair UHolcomb DSchaumont P(2019)Breaking TrustZone Memory Isolation through Malicious Hardware on a Modern FPGA-SoCProceedings of the 3rd ACM Workshop on Attacks and Solutions in Hardware Security Workshop10.1145/3338508.3359568(3-12)Online publication date: 15-Nov-2019
https://dl.acm.org/doi/10.1145/3338508.3359568
Jacob NRolfes CZankl AHeyszl JSigl G(2017)Compromising FPGA SoCs using malicious hardware blocksProceedings of the Conference on Design, Automation & Test in Europe10.5555/3130379.3130644(1122-1127)Online publication date: 27-Mar-2017
https://dl.acm.org/doi/10.5555/3130379.3130644
Jacob NRolfes CZankl AHeyszl JSigl G(2017)Compromising FPGA SoCs using malicious hardware blocksDesign, Automation & Test in Europe Conference & Exhibition (DATE), 201710.23919/DATE.2017.7927157(1122-1127)Online publication date: Mar-2017
https://doi.org/10.23919/DATE.2017.7927157
Jacob NHeyszl JZankl ARolfes CSigl G(2017)How to Break Secure Boot on FPGA SoCs Through Malicious HardwareCryptographic Hardware and Embedded Systems – CHES 201710.1007/978-3-319-66787-4_21(425-442)Online publication date: 25-Aug-2017
https://doi.org/10.1007/978-3-319-66787-4_21

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents