The main goal of the HardBlare project is to propose an heterogeneous solution for embedded software security, featuring:
- A flexible approach where both software and hardware security rules can be updated dynamically in a per application basis or in order to update security rules when new threats are discovered.
- A large set of security rules.
- A persistent tag management feature relying on OS support.
- A cooperation mechanism between software static analysis and hardware information flow control to be able to monitor different types of information flow and so to address both confidentiality and integrity.
- A complete prototype of the system on a SoC platform that combines an ASIC main processor (ARM) coupled with an FPGA, such as Xilinx Zynq devices.
The first PoC (Proof-of-Concept) relies on debug components available in ARM processors (also known as CoreSight components). ARM processors allow us to transfer debug information to an internal memory (Embedded Trace Buffer) or directly to the FPGA through the Trace/Packet Output (TPIU) :
The concept is to use such components to export some data such as branching addresses to an FPGA coprocessor. Here is a representation on the PoC implementation:
In order to do so, a static analysis must be performed to create annotations about the program behavior:
The PoC should be released as a complete framework including :
- The hardware design (HDL codes and drivers)
- Software stack (Linux, coprocessor drivers, etc) released as a Yocto distribution.
The Yocto Project is a Linux Foundation Collaborative open source Project whose goal is to produce tools and processes that enable the creation of Linux distributions for embedded software that are independent of the underlying architecture of the embedded hardware.
Project partners:
- CentraleSupélec/INRIA, CIDRE research team.
- CentraleSupélec/IETR, SCEE research team.
- Lab-STICC laboratory, University of South Brittany.