SOFIA: Software and Control Flow Integrity Architecture

Journal article

Publication details

Authors: de Clercq R, Götzfried J, Übler D, Maene P, Verbauwhede I
Journal: Computers & Security
Publisher: Elsevier Ltd
Year of publication: 2017
Volume: 68
Page range: 16-35
ISSN: 0167-4048


Software components are frequently used in cyber-physical systems (CPSes) to control a physical mechanism, such as a valve or brakes on a car. These systems are extremely sensitive to software vulnerabilities, as their exploitation could lead to injury, damage to equipment, or environmental catastrophe. This paper proposes a hardware-based security architecture called SOFIA, which protects software running on microprocessors used in CPSes. SOFIA provides mechanisms to protect software integrity and control flow integrity. This allows the processor to defend against a large number of attacks, including code injection, code reuse, and fault-based attacks on the program counter. In addition, the architecture also defends against software copyright infringement and reverse engineering. All protection mechanisms are enforced in hardware using cryptographic techniques. We are the first to propose a mechanism to enforce control flow integrity at the finest possible granularity using cryptographic techniques. A SOFIA core has been created by implementing the proposed architectural features on a LEON3 microprocessor. The SOFIA core requires that its software conforms to a strict format. To this end, we additionally designed and implemented a software toolchain to compile source code that adheres to the formatting rules. Several benchmarks were compiled with the SOFIA toolchain, and were executed on a SOFIA core running on an FPGA, showing an average total execution time overhead of 106% compared to an unmodified LEON3 core. Our hardware evaluation shows a clock speed reduction of 23.2%.

FAU authors / FAU editors

Götzfried, Johannes
Lehrstuhl für Informatik 1 (IT-Sicherheitsinfrastrukturen)

Institutions of additional authors

Katholieke Universiteit Leuven (KUL) / Catholic University of Leuven


de Clercq, R., Götzfried, J., Übler, D., Maene, P., & Verbauwhede, I. (2017). SOFIA: Software and Control Flow Integrity Architecture. Computers & Security, 68, 16-35.

de Clercq, Ruan, et al. "SOFIA: Software and Control Flow Integrity Architecture." Computers & Security 68 (2017): 16-35.


Last updated 2018-18-12 at 13:50