USF researchers have developed an RTL design mechanism for securing embedded devices against malicious attacks. It is intended to stop attackers from exploiting privilege escalation, gaining access to sensitive information such as passwords and keys, and abusing various other vulnerabilities in the design. The "Safe Controller" works by enforcing control-flow integrity (CFI) so that only the transitions of the controller's intended control-flow graph (CFG) are allowed. Until now, traditional CFI mechanisms have offered limited protection for RTL designs because they work from imprecise CFGs, and the globally distributed electronics supply chain, with no central point of control, has made it hard to impose a tight security policy.

The Safe Controller approach provides two complementary, transparent, and strong security policies for an RTL design: static analysis of the controller, followed by lightweight instrumentation so that CFI is enforced in place and at runtime. For a given RTL design, the state transitions of the controller are analysed; this analysis shows which input conditions are mutually exclusive and identifies many false paths (transitions that appear in the naive CFG but can never actually be taken). From this analysis, expressions are derived that capture the precedence relations between states and the permissible transitions, and these expressions are then added to the controller description. The transformed controller therefore checks its own control-flow constraints and can detect violations while the RTL executes. The Safe Controller architecture lets designers limit the actions an attacker can take to violate the integrity of the control flow, with minimal modifications to the design.
Controller instrumentation for permissible CFG transitions
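The following Python model is an added illustration of the two steps described above (static analysis of an FSM, then a runtime CFI check on each state transition). It is not the USF Safe Controller code, and the lock controller, its input names, the environment invariant `env_invariant` (the PIN comparator never reports success after the retry counter has saturated) and the reset-to-IDLE recovery on a violation are all constructed assumptions for the example; the paper summary only says that violations are detected.

```python
"""Toy model of CFI for an RTL controller: static analysis of the FSM's
next-state logic, then a runtime monitor that rejects any state-register
update outside the refined (false-path-free) CFG.  Constructed illustration,
not the Safe Controller implementation."""
from itertools import product

# --- Constructed toy controller: a PIN-checking lock -------------------------
IDLE, CHECK, UNLOCKED, LOCKOUT = "IDLE", "CHECK", "UNLOCKED", "LOCKOUT"
INPUTS = ("start", "pin_ok", "retry_exceeded")

# Next-state logic as a designer might write it: ordered (guard, next) arms,
# evaluated with if/else-if priority.  Arm 0 of CHECK is syntactically present
# but, under the environment invariant below, can never fire (a false path).
NEXT_STATE = {
    IDLE:     [(lambda i: i["start"], CHECK),
               (lambda i: not i["start"], IDLE)],
    CHECK:    [(lambda i: i["pin_ok"] and i["retry_exceeded"], LOCKOUT),
               (lambda i: i["pin_ok"], UNLOCKED),
               (lambda i: i["retry_exceeded"], LOCKOUT),
               (lambda i: not i["pin_ok"] and not i["retry_exceeded"], IDLE)],
    UNLOCKED: [(lambda i: True, IDLE)],
    LOCKOUT:  [(lambda i: True, LOCKOUT)],
}

def env_invariant(i):
    """Assumed property of the surrounding datapath (constructed): the PIN
    comparator never reports success once the retry counter has saturated."""
    return not (i["pin_ok"] and i["retry_exceeded"])

def input_vectors(invariant=lambda i: True):
    """Enumerate every input valuation the invariant allows."""
    for bits in product((False, True), repeat=len(INPUTS)):
        vec = dict(zip(INPUTS, bits))
        if invariant(vec):
            yield vec

def analyse(next_state, invariant=lambda i: True):
    """Static analysis of the controller.  Returns
    permissible  - set of (state, next) edges that can really be taken
    false_paths  - arms (state, arm_index, next) whose guard never fires
    overlaps     - (state, input_vector, hit_count) where the guards are not
                   mutually exclusive and complete (hit_count != 1)
    preds        - precedence relation: allowed predecessors of each state"""
    permissible, false_paths, overlaps = set(), [], []
    for state, arms in next_state.items():
        hit_arms = set()
        for vec in input_vectors(invariant):
            hits = [k for k, (guard, _) in enumerate(arms) if guard(vec)]
            if len(hits) != 1:
                overlaps.append((state, tuple(vec[n] for n in INPUTS), len(hits)))
            if hits:                      # priority encoding: first true guard wins
                hit_arms.add(hits[0])
                permissible.add((state, arms[hits[0]][1]))
        for k, (_, nxt) in enumerate(arms):
            if k not in hit_arms:
                false_paths.append((state, k, nxt))
    preds = {s: {p for p, n in permissible if n == s} for s in next_state}
    return permissible, false_paths, overlaps, preds

class SafeController:
    """The controller plus the CFI check the instrumentation adds: on every
    clock, the edge the state register actually takes must be a permissible
    edge AND the guard of that edge must hold for the current inputs."""
    def __init__(self, next_state, permissible, reset_state=IDLE):
        self.next_state, self.permissible = next_state, permissible
        self.state, self.reset_state = reset_state, reset_state
        self.violations = []

    def step(self, inputs, fault=None):
        """One clock.  `fault`, if given, overrides the value written to the
        state register, modelling a glitch or a tampered register."""
        prev = self.state
        nxt = next((n for guard, n in self.next_state[prev] if guard(inputs)), prev)
        if fault is not None:
            nxt = fault
        guard_holds = any(guard(inputs) and n == nxt
                          for guard, n in self.next_state[prev])
        ok = (prev, nxt) in self.permissible and guard_holds
        if ok:
            self.state = nxt
        else:                             # assumed recovery: return to reset state
            self.violations.append((prev, nxt, dict(inputs)))
            self.state = self.reset_state
        return ok

def demo():
    """Legitimate unlock sequence, then two attacks on the state register."""
    permissible, _, _, _ = analyse(NEXT_STATE, env_invariant)
    ctl = SafeController(NEXT_STATE, permissible)
    quiet = {"start": False, "pin_ok": False, "retry_exceeded": False}
    legit = [ctl.step({**quiet, "start": True}),      # IDLE -> CHECK
             ctl.step({**quiet, "pin_ok": True}),     # CHECK -> UNLOCKED
             ctl.step(quiet)]                         # UNLOCKED -> IDLE
    # Attack 1: force the register straight from IDLE to UNLOCKED (no such edge).
    attack_edge = ctl.step(quiet, fault=UNLOCKED)
    # Attack 2: a permissible edge (CHECK -> UNLOCKED) whose guard is false.
    ctl.step({**quiet, "start": True})                # IDLE -> CHECK
    attack_guard = ctl.step(quiet, fault=UNLOCKED)
    return {"legit": legit, "attack_edge": attack_edge,
            "attack_guard": attack_guard, "violations": len(ctl.violations)}

if __name__ == "__main__":
    perm, fp, ov, preds = analyse(NEXT_STATE, env_invariant)
    print("permissible edges:", sorted(perm))
    print("false paths:", fp, "| non-exclusive guards:", ov)
    print("predecessors of UNLOCKED:", preds[UNLOCKED])
    print(demo())
```

Running `analyse` without the invariant reports overlapping guards for CHECK (three arms fire when `pin_ok` and `retry_exceeded` are both true) and no false path; with the invariant the guards become mutually exclusive and arm 0 of CHECK is exposed as a false path, which is exactly the precision gained by analysing input conditions rather than the syntactic CFG. The second attack in `demo` shows why the instrumented check must test the guard and not just edge membership: CHECK to UNLOCKED is a legal edge, but reaching it without `pin_ok` is still a violation.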