CASTLE: Architecting Assured System-on-Chip Firmware Integrity

Sandip Ray, Atul Prasad Deb Nath, Kshitij Raj and Swarup Bhunia
Department of Electrical and Computer Engineering, University of Florida, Gainesville, FL 32611, USA
sandip@ece.ufl.edu
atulprasad@ufl.edu
kshitijraj@ufl.edu
swarup@ece.ufl.edu

ABSTRACT

Modern System-on-Chip (SoC) designs include a large number of embedded microcontrollers that execute custom firmware. Firmware provides the flexibility of updating security features, i.e., it enables patching or in-field update, in response to an emerging security threat, bug, or changing requirements. Unfortunately, current firmware update mechanisms are complex, manual, and error-prone. In this paper we present CASTLE, an architectural framework to enable systematic and assured updates to SoC firmware. The main workhorse of CASTLE is a centralized, dedicated IP in the SoC that is responsible for receiving, authenticating, and installing a patch. The architecture works with off-chip firmware validation flows, e.g., a cloud-based service for validating a proposed patch and identifying compatibility constraints on other resident firmware in the SoC. The result is a comprehensive infrastructure that works seamlessly across architectures, vendors, and service providers, while meeting deployment and usability requirements. We demonstrate the application of the proposed framework in addressing functional and security flaws of existing firmware patching mechanisms, including firmware incompatibility, inadequate authentication, and time-of-check vs. time-of-use (TOCTOU) constraints.
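The following is an added illustration, not code from the CASTLE paper, of the three duties the abstract assigns to the centralized patch IP (receive, authenticate, install) together with the three flaw classes it names (incompatibility, inadequate authentication, TOCTOU). The patch wire format, the use of HMAC-SHA256 as the authentication primitive, and the names `PatchIP`, `build_patch` and `Constraint` are assumptions made for this example; the abstract does not specify the paper's concrete encoding or cryptographic scheme.

```python
"""Model of a centralized on-chip patch installer (example code, not the paper's).
Assumptions: patch = header | constraints | payload | HMAC-SHA256 tag; the key is
pre-provisioned in the IP; firmware versions are monotonically increasing ints."""
import hashlib
import hmac
import struct
from dataclasses import dataclass

TAG_LEN = 32
ID_LEN = 16
HDR_FMT = ">16sIB"   # target firmware id, new version, number of constraints
CON_FMT = ">16sII"   # resident firmware id, min acceptable version, max acceptable version


@dataclass
class Constraint:
    fw_id: str
    min_ver: int
    max_ver: int


@dataclass
class Patch:
    target: str
    version: int
    constraints: list
    payload: bytes


def _pad_id(name: str) -> bytes:
    return name.encode().ljust(ID_LEN, b"\0")


def _unpad_id(raw: bytes) -> str:
    return raw.rstrip(b"\0").decode()


def build_patch(key: bytes, target: str, version: int, constraints, payload: bytes) -> bytes:
    """Encode a patch and append its tag (stands in for the off-chip validation service)."""
    body = struct.pack(HDR_FMT, _pad_id(target), version, len(constraints))
    for c in constraints:
        body += struct.pack(CON_FMT, _pad_id(c.fw_id), c.min_ver, c.max_ver)
    body += payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class PatchIP:
    """The dedicated IP: the only component that authenticates and installs patches."""

    def __init__(self, key: bytes, resident: dict):
        self._key = key
        self.resident = dict(resident)  # firmware id -> installed version
        self.log = []

    def install(self, blob) -> str:
        # 1. Copy the incoming bytes into a private staging buffer. Every check
        #    below and the install itself read only this copy, so the sender
        #    cannot alter the image between check and use (TOCTOU).
        staged = bytes(blob)
        if len(staged) < struct.calcsize(HDR_FMT) + TAG_LEN:
            return "REJECT_MALFORMED"
        body, tag = staged[:-TAG_LEN], staged[-TAG_LEN:]
        # 2. Authenticate before parsing any field of the patch.
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return "REJECT_AUTH"
        patch = self._parse(body)
        if patch is None:
            return "REJECT_MALFORMED"
        # 3. Enforce compatibility constraints against resident firmware.
        if patch.target not in self.resident:
            return "REJECT_UNKNOWN_TARGET"
        if patch.version <= self.resident[patch.target]:
            return "REJECT_ROLLBACK"
        for c in patch.constraints:
            cur = self.resident.get(c.fw_id)
            if cur is None or not (c.min_ver <= cur <= c.max_ver):
                return f"REJECT_INCOMPATIBLE:{c.fw_id}"
        # 4. Install from the staged, already-verified copy.
        self.resident[patch.target] = patch.version
        self.log.append((patch.target, patch.version, hashlib.sha256(patch.payload).hexdigest()))
        return "INSTALLED"

    @staticmethod
    def _parse(body: bytes):
        hdr = struct.calcsize(HDR_FMT)
        target, version, n = struct.unpack(HDR_FMT, body[:hdr])
        con_size = struct.calcsize(CON_FMT)
        if hdr + n * con_size > len(body):
            return None
        cons = []
        for k in range(n):
            fw_id, lo, hi = struct.unpack_from(CON_FMT, body, hdr + k * con_size)
            cons.append(Constraint(_unpad_id(fw_id), lo, hi))
        return Patch(_unpad_id(target), version, cons, body[hdr + n * con_size:])


def demo():
    """Constructed scenario: one good patch, then a replay, a tampered copy, and a bad dependency."""
    key = b"constructed-demo-key"  # stand-in for the key provisioned in the IP
    ip = PatchIP(key, {"pmu": 3, "radio": 7, "boot": 1})
    good = build_patch(key, "pmu", 4, [Constraint("radio", 6, 9)], b"PMU FW v4 image (constructed)")
    results = [ip.install(good), ip.install(good)]          # second call is a replay
    tampered = bytearray(good)
    tampered[-TAG_LEN - 1] ^= 0x01                           # flip one payload byte after signing
    results.append(ip.install(tampered))
    bad_dep = build_patch(key, "boot", 2, [Constraint("radio", 10, 12)], b"boot v2 (constructed)")
    results.append(ip.install(bad_dep))                      # resident radio is 7, needs 10..12
    return results, dict(ip.resident)


if __name__ == "__main__":
    print(demo())
```

The ordering inside `install` is the point: the image is copied first, authenticated second, and only then parsed and checked, so a malformed or replayed patch never reaches the installer's state, and the bytes that are written are exactly the bytes that were verified.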

Keywords: Security Architecture, Firmware Patching, Security Policies.



Full Text (PDF)