# A novel lightweight hardware-assisted static instrumentation approach for ARM SoC using debug components

**Authors:** Muhammad Abdul Wahab, Pascal Cotret, Mounir Nasr Allah, Guillaume Hiet, Arnab Kumar Biswas, Vianney Lapôtre, Guy Gogniat

arXiv: 1812.01667 · 2018-12-06

## TL;DR

This paper introduces a lightweight hardware-assisted static instrumentation method for ARM SoCs using debug components, enabling efficient security monitoring with minimal software modifications and low overhead.

## Contribution

It presents a novel source code level instrumentation approach leveraging hardware debug components, reducing modifications and improving performance over existing solutions.

## Key findings

- Instrumentation takes 30 μs on average per instruction; the optimized version reduces this to 0.014 μs
- Achieves ten times lower latency than traditional memory-mapped register solutions
- Demonstrates effectiveness in detecting security attacks like double free

## Abstract

Most hardware-assisted solutions for software security, program monitoring, and event-checking approaches require instrumentation of the target software, an operation which can be performed using an SBI (Static Binary Instrumentation) or a DBI (Dynamic Binary Instrumentation) framework. Hardware-assisted instrumentation can use one of these two solutions to instrument data to a memory-mapped register. Both these approaches require an in-depth knowledge of frameworks and an important amount of software modifications in order to instrument a whole application. This work proposes a novel way to instrument an application with minor modifications, at the source code level, taking advantage of underlying hardware debug components such as CS (CoreSight) components available on Xilinx Zynq SoCs. As an example, the instrumentation approach proposed in this work is used to detect a double free security attack. Furthermore, it is evaluated in terms of runtime and area overhead. Results show that the proposed solution takes 30 $\mu$s on average to instrument an instruction while the optimized version only takes 0.014 $\mu$s, which is ten times better than usual memory-mapped register solutions used in existing works.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1812.01667/full.md

## Figures

4 figures with captions in the complete paper: https://tomesphere.com/paper/1812.01667/full.md

## References

19 references — full list in the complete paper: https://tomesphere.com/paper/1812.01667/full.md

---
Source: https://tomesphere.com/paper/1812.01667