Your search keyword '"MPU"' showing total 3 results

1. Nested compartmentalisation for constrained devices

Author

Nicolas Dejon, Gilles Grimaud, Chrystel Gaber, Orange Labs [Caen], Orange Labs, Extra Small Extra Safe (2XS), Centre de Recherche en Informatique, Signal et Automatique de Lille - UMR 9189 (CRIStAL), Centrale Lille-Université de Lille-Centre National de la Recherche Scientifique (CNRS)-Centrale Lille-Université de Lille-Centre National de la Recherche Scientifique (CNRS), Centrale Lille-Université de Lille-Centre National de la Recherche Scientifique (CNRS), and Université de Lille

Subjects

business.industry, Computer science, Distributed computing, Hypervisor, Permission, MPU, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], Software, Memory management, nested compartmentalisation, Component-based software engineering, constrained devices, [INFO.INFO-ES]Computer Science [cs]/Embedded Systems, Use case, [INFO.INFO-OS]Computer Science [cs]/Operating Systems [cs.OS], business, Software architecture, Memory protection

Abstract

International audience; This paper presents a framework and implementation guidelines to set up nested compartmentalisation in constrained devices. All memory spaces are protected by the Memory Protection Unit (MPU). Current MPU-based systems offer efficient memory protection but are mostly tied to the fixed permission model provided by their operating system, kernel, hypervisor or by code instrumentation. New use cases evolve with the rise of the Internet of Things (IoT) ecosystems where software components could benefit from locally and dynamically established permissions. This includes a temporary nested subspace with restricted memory access rights. Our framework integrates subspace creation and management for runtime dynamic changes of the permission model for any level of abstraction. Global security policies of fixed permission models are reflected in the software architecture and the implementation of the framework. We also demonstrate the feasibility of providing nested compartmentalisation by showing how to leverage the MPU features.

Published

2021

2. From MMU to MPU: adaptation of the Pip kernel to constrained devices

Author

Nicolas Dejon, Chrystel Gaber, Gilles Grimaud, Orange Labs [Caen], Extra Small Extra Safe [2XS], Centre de Recherche en Informatique, Signal et Automatique de Lille - UMR 9189 [CRIStAL], Orange Labs, Extra Small Extra Safe (2XS), Centre de Recherche en Informatique, Signal et Automatique de Lille - UMR 9189 (CRIStAL), Centrale Lille-Université de Lille-Centre National de la Recherche Scientifique (CNRS)-Centrale Lille-Université de Lille-Centre National de la Recherche Scientifique (CNRS), Centrale Lille-Université de Lille-Centre National de la Recherche Scientifique (CNRS), Université de Lille, and ANR-20-CYAL-0005,TinyPART,Tiny, PrivAte, Proved & isolaTed(2020)

Subjects

FOS: Computer and information sciences, memory isolation, Computer Science - Operating Systems, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], Operating Systems (cs.OS), constrained devices, MPU, Pip, OS kernel, secure systems, [INFO.INFO-ES]Computer Science [cs]/Embedded Systems, [INFO.INFO-OS]Computer Science [cs]/Operating Systems [cs.OS]

Abstract

This article presents a hardware-based memory isolation solution for constrained devices. Existing solutions target high-end embedded systems (typically ARM Cortex-A with a Memory Management Unit, MMU) such as seL4 or Pip (formally verified kernels) or target low-end devices such as ACES, MINION, TrustLite, EwoK but with limited flexibility by proposing a single level of isolation. Our approach consists in adapting Pip to inherit its flexibility (multiple levels of isolation) but using the Memory Protection Unit (MPU) instead of the MMU since the MPU is commonly available on constrained embedded systems (typically ARMv7 Cortex-M4 or ARMv8 Cortex-M33 and similar devices). This paper describes our design of Pip-MPU (Pip's variant based on the MPU) and the rationale behind our choices. We validate our proposal with an implementation on an nRF52840 development kit and we perform various evaluations such as memory footprint, CPU cycles and energy consumption. We demonstrate that although our prototyped Pip-MPU causes a 16% overhead on both performance and energy consumption, it can reduce the attack surface of the accessible application memory from 100% down to 2% and the privileged operations by 99%. Pip-MPU takes less than 10 kB of Flash (6 kB for its core components) and 550 B of RAM., Comment: 3rd International Conference on Internet of Things & Embedded Systems (IoTE 2022), 23-23 December 2022, Sydney (Australia)

3. Evaluation d'une solution d'isolation pour objets contraints

Author

Nicolas Dejon, Chrystel Gaber, Gilles Grimaud, Orange Labs [Caen], Orange Labs, Extra Small Extra Safe (2XS), Centre de Recherche en Informatique, Signal et Automatique de Lille - UMR 9189 (CRIStAL), Centrale Lille-Université de Lille-Centre National de la Recherche Scientifique (CNRS)-Centrale Lille-Université de Lille-Centre National de la Recherche Scientifique (CNRS), Centrale Lille-Université de Lille-Centre National de la Recherche Scientifique (CNRS), and Université de Lille

Subjects

[INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], évaluation, [INFO.INFO-ES]Computer Science [cs]/Embedded Systems, Pip, [INFO.INFO-OS]Computer Science [cs]/Operating Systems [cs.OS], MPU, objets contraints, isolation

Abstract

International audience; Dans cet article, nous présentons l'évaluation de Pip-MPU qui est une solution d'isolation qui cible les objets contraints et basée sur la Memory Protection Unit (MPU). Nous y décrivons notre banc de test et la manière dont l'évaluation a été conduite. Notre prototype de Pip-MPU prend moins de 10 Ko de Flash pour son code et 550 octets de RAM pour sa pile. Pip-MPU affiche un coût supplémentaire de 16% en terme de cycles mesurés ainsi que sur sa consommation énergétique, mais réduit la mémoire accessible d'une application jusqu'à 2% de son envergure initiale et ses opérations privilégiées de 100%.