Free download of the English paper "The Design and Implementation of Embedded Security CPU Based on Multi-strategy", with Persian translation
Persian title of the paper: | Design and Implementation of an Embedded Security CPU Based on Multiple Strategies |
English title of the paper: | The Design and Implementation of Embedded Security CPU Based on Multi-strategy |
Related fields: | Computer Engineering, Information Technology Engineering, Enterprise Architecture, Computer Systems Architecture, and Computer Hardware |
Format of the free papers | The free English papers and Persian translations are in PDF format |
Translation quality | The translation quality of this paper is medium |
Publisher | IEEE |
Product code | f429 |
Excerpt from the English paper:

I. Introduction

With the wide use of embedded systems, the security issues of embedded processors attract increasing attention. So far, research on embedded processor security has mainly focused on control flow monitoring, information flow tracking and memory monitoring[1]. However, most of the existing work considers them as separate dimensions, and very little work has proposed an integrated approach that addresses multiple dimensions at the same time, which motivates our work.

Information flow tracking[2−7], also known as information flow control or taint tracking, is an important security policy. Dynamic information flow tracking (DIFT)[8] tags untrusted information as tainted and tracks its propagation in a security system. DIFT appends a label to every word in the system memory, and tags new information derived from untrusted information as tainted. The security system generates a security exception when tainted information is used in a possibly insecure way, such as running a tainted Structured query language (SQL) instruction or releasing a tainted pointer. Much research on information flow tracking has been done. Information flow monitoring focuses on tracking the flow of external data into the processor (e.g. data from the General purpose input output (GPIO), serial ports, and networks), which can help prevent illegal operations caused by these external data or programs, such as stealing users' private information stored in the system. However, the information flow monitoring mechanism does not make a detailed analysis of the security of external data or programs. It only decides which data taint needs to propagate, and which data needs to be checked when checking the taint. Although the mechanism of information flow monitoring can detect some common attacks, it may result in a high false positive rate for other safe programs in the system. In addition, in order to detect a certain type of attack, it needs to configure a Taint propagation register (TPR) and a Taint detection register (TDR). If the type of attack changes, both of them need to be changed accordingly, which undoubtedly limits its flexibility.

The memory monitoring mechanism[9−13] detects malicious attacks by protecting the data space while the program runs and preventing malicious code from making unauthorized modifications to the data space of a program. The program's data space includes the stack section, heap section, global data section and text section. Implementing a memory monitoring strategy in the embedded processor can prevent many common buffer overflow attacks, such as stack overflow attacks and heap overflow attacks. There are several hardware-based methods of memory monitoring. Memory monitoring needs to make a detailed analysis of the security of the program itself, including the type of instructions executed and the boundary information of the program's data space, which determine whether the instructions executed pose a threat to the program's data space. However, the process of compiling source code written in a high-level programming language into machine instructions depends heavily on the compiler. For a given passage of source code written in a high-level programming language, the machine instructions produced by different compilers may be different. The result of the analysis by the memory monitoring module may then also be different, which may lead to a high false positive rate and a high false negative rate. The above analysis shows that, in embedded systems, a single memory monitoring strategy is not enough to prevent all malicious attacks.

In summary, the above three methods can improve the security of embedded processors, each with its own characteristics, advantages and disadvantages. Based on the above analysis, we give full consideration to the respective strengths of information flow tracking and memory monitoring and combine them. We design the information flow monitoring by modifying the Register transfer level (RTL) code of the kernel Integer unit (IU) and adding the TCR at the kernel IU. The information flow monitoring provides the functionality of classifying all kinds of attacks, the capability of flexibly programming security policies, and the capability of defending against multiple attacks simultaneously at very low cost. We implement the memory monitoring by adding a hardware module that runs in parallel with the embedded processor and can effectively detect common buffer overflow attacks. Finally, we mapped our design to an FPGA development board and developed a prototype system. In order to make better use of these two methods, we adjust the security level of information flow tracking. Experimental results show that, compared with a single strategy of information flow tracking or a single strategy of memory monitoring, our multi-strategy approach can effectively detect more kinds of attacks at run time. It takes advantage of both information flow tracking and memory monitoring, and so enhances the overall security of embedded systems.
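
The tag-per-word scheme and the propagation/detection registers described in the excerpt can be modelled in software to show why a fixed policy both misses attacks and flags benign code. This is an added example, not code from the paper; the bit layouts, function names and the two scenarios are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy DIFT model. Bit layouts are hypothetical, not the paper's TPR/TDR format. */
typedef struct { uint32_t val; uint8_t taint; } word_t;  /* one tag bit per word */
enum { PROP_ALU = 1, PROP_LOAD = 2 };  /* TPR-like: which ops propagate taint  */
enum { CHK_ADDR = 1, CHK_JUMP = 2 };   /* TDR-like: which uses are checked     */
typedef struct { unsigned tpr, tdr; } policy_t;
static word_t mem[16];                 /* constructed, untainted data memory   */

/* Data from an untrusted source (GPIO, serial port, network) is tagged. */
word_t dift_input(uint32_t v) { word_t w = { v, 1 }; return w; }
word_t dift_const(uint32_t v) { word_t w = { v, 0 }; return w; }

/* ALU op: the result inherits taint only if the policy propagates it. */
word_t dift_add(policy_t p, word_t a, word_t b) {
    word_t r = { a.val + b.val, 0 };
    if (p.tpr & PROP_ALU) r.taint = a.taint | b.taint;
    return r;
}
/* Load: -1 models the security exception for a checked, tainted address. */
int dift_load(policy_t p, word_t addr, word_t *out) {
    if ((p.tdr & CHK_ADDR) && addr.taint) return -1;
    *out = mem[addr.val % 16];
    if ((p.tpr & PROP_LOAD) && addr.taint) out->taint = 1;
    return 0;
}
/* Indirect jump: -1 if the target is tainted and jumps are checked. */
int dift_jump(policy_t p, word_t target) {
    return ((p.tdr & CHK_JUMP) && target.taint) ? -1 : 0;
}
/* Scenario 1: untrusted value plus an offset is used as a jump target. */
int scenario_jump(policy_t p) {
    return dift_jump(p, dift_add(p, dift_input(0x40), dift_const(4)));
}
/* Scenario 2: untrusted index, validated by the program, used as an address. */
int scenario_checked_index(policy_t p) {
    word_t idx = dift_input(3), out;
    if (idx.val >= 16) return 0;       /* software bounds check */
    return dift_load(p, idx, &out);    /* the tag bit does not record that check */
}
int main(void) {
    policy_t jump_pol = { PROP_ALU, CHK_JUMP }, addr_pol = { PROP_ALU | PROP_LOAD, CHK_ADDR };
    printf("jump policy: jump=%d index=%d\n", scenario_jump(jump_pol), scenario_checked_index(jump_pol));
    printf("addr policy: jump=%d index=%d\n", scenario_jump(addr_pol), scenario_checked_index(addr_pol));
    return 0;
}
```

The jump-checking policy raises the exception for scenario 1 and lets scenario 2 through; the address-checking policy does the opposite, missing the tainted jump and flagging the validated index, which is the false-positive and reconfiguration cost the excerpt attributes to information flow monitoring on its own.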