sancus-tee/sm-access-control

Secure SM-grained Resource Sharing

This repository contains the source code accompanying the paper "Secure Resource Sharing for Embedded Protected Module Architectures" which appeared in the 2015 WISTP International Conference on Information Security Theory and Practice.

Van Bulck J., Noorman J., Mühlberg T., Piessens F. Secure resource sharing for embedded protected module architectures. In 9th WISTP International Conference on Information Security Theory and Practice (WISTP 2015), LNCS: Vol. 9311, pp. 71–87, Springer, 2015.

Paper Abstract

Low-end embedded devices and the Internet of Things (IoT) are becoming increasingly important for our lives. They are being used in domains such as infrastructure management, and medical and healthcare systems, where business interests and our security and privacy are at stake. Yet, security mechanisms have been appallingly neglected on many IoT platforms.

In this paper we present a secure access control mechanism for extremely lightweight embedded microcontrollers. Being based on Sancus, a hardware-only Trusted Computing Base and Protected Module Architecture for the embedded domain, our mechanism allows for multiple software modules on an IoT-node to securely share resources. We implement and evaluate our approach for two application scenarios, a shared memory system and a shared flash drive. Our implementation is based on a Sancus-enabled TI MSP430 microcontroller. We show that our mechanism can give high security guarantees at small runtime overheads and a moderately increased size of the Trusted Computing Base.

Source Code Overview

Instructions for building and running the programs are available at https://distrinet.cs.kuleuven.be/software/sancus/wistp2015/. The source code is organized as follows:

  • sfs: contains the Sancus File System (SFS) implementation, a modified Contiki File System (CFS) interface that provides SM-grained access control for either a shared protected memory buffer or Contiki's Coffee file system for an embedded peripheral flash driver.

  • sfs-benchark: contains a test program that measures and prints the number of CPU cycles needed for the various sfs functions.

  • sfs-example: contains a simple test setup and Makefile to compile and use the sfs interface.

  • ./benchmark.h and ./common.h are utility headers
