D-Box: DMA-enabled Compartmentalization for Embedded Applications

TL;DR

D-Box introduces a systematic approach to enable secure DMA operations in embedded systems, enhancing security and performance for IoT devices using RTOS without requiring specific hardware features.

Contribution

It presents a novel architecture and workflow for securing DMA in embedded applications, with a prototype implementation on Cortex-M3/M4 using FreeRTOS-MPU.

Findings

41 times fewer ROP gadgets compared to standard F-MPU

Only 2% processor overhead introduced by D-Box

18.2% reduction in power consumption for peripheral operations

Abstract

Embedded and Internet-of-Things (IoT) devices have seen an increase in adoption in many domains. The security of these devices is of great importance as they are often used to control critical infrastructure, medical devices, and vehicles. Existing solutions to isolate microcontroller (MCU) resources in order to increase their security face significant challenges such as specific hardware unavailability, Memory Protection Unit (MPU) limitations and a significant lack of Direct Memory Access (DMA) support. Nevertheless, DMA is fundamental for the power and performance requirements of embedded applications. In this paper, we present D-Box, a systematic approach to enable secure DMA operations for compartmentalization solutions of embedded applications using real-time operating systems (RTOS). D-Box defines a reference architecture and a workflow to protect DMA operations holistically. It provides practical methods to harden the kernel and define capability-based security policies for easy definition of DMA operations with strong security properties. We implemented a D-Box prototype for the Cortex-M3/M4 on top of the popular FreeRTOS-MPU (F-MPU). The D-Box procedures and a stricter security model enabled DMA operations, yet it exposed 41 times less ROP (return-orienting-programming) gadgets when compared with the standard F-MPU. D-Box adds only a 2% processor overhead while reducing the power consumption of peripheral operation benchmarks by 18.2%. The security properties and performance of D-Box were tested and confirmed on a real-world case study of a Programmable Logic Controller (PLC) application.