Microcontroller Software Continuous Deployment: Secure Partial Update Realms for RIOT (PURR)
Gespeichert in:
| Titel: | Microcontroller Software Continuous Deployment: Secure Partial Update Realms for RIOT (PURR) |
|---|---|
| Autoren: | Fort, Frédéric, Forraz, Hugo, Zandberg, Koen, Grimaud, Gilles, Baccelli, Emmanuel |
| Weitere Verfasser: | Fort, Frédéric |
| Quelle: | 2025 21st International Conference on Distributed Computing in Smart Systems and the Internet of Things (DCOSS-IoT). :236-240 |
| Verlagsinformationen: | IEEE, 2025. |
| Publikationsjahr: | 2025 |
| Schlagwörter: | Embedded, Microcontroller, Security, Software, Update, [INFO.INFO-ES] Computer Science [cs]/Embedded Systems, [INFO.INFO-CR] Computer Science [cs]/Cryptography and Security [cs.CR] |
| Beschreibung: | Continuous deployment (CD) is often a bottleneck for software running on microcontrollers (MCUs). CD remains a challenge to this day because software updates for MCUs lack convenient and secure partial updates mechanisms. Updates thus remain predominantly monolithic (firmware updates). To bridge this gap, we design PURR, a solution combining a formally verified memory partition mechanism (PIP), and tiny software virtualization (rBPF) which we integrate in a common operating system (RIOT). PURR enable secure software enclaves on microcontrollers with a memory protection unit (MPU), which can be updated securely over the network, and which can eXecute in Place (XiP) a small virtual machine following the eBPF instruction set architecture. We publish an open source implementation of PURR and we provide results of benchmarks on a popular Arm Cortex-M microcontroller. Our experiments show that the additional mechanisms guaranteeing PURR enclaves' (formally verified) security enable substantial rBPF execution speed improvements, while incurring a modest memory footprint overhead. |
| Publikationsart: | Article Conference object |
| Dateibeschreibung: | application/pdf |
| DOI: | 10.1109/dcoss-iot65416.2025.00039 |
| Zugangs-URL: | https://hal.science/hal-05097033v1 |
| Rights: | STM Policy #29 |
| Dokumentencode: | edsair.doi.dedup.....1ce90a379a299f50f207d06095d76189 |
| Datenbank: | OpenAIRE |
Nájsť tento článok vo Web of Science | Abstract: | Continuous deployment (CD) is often a bottleneck for software running on microcontrollers (MCUs). CD remains a challenge to this day because software updates for MCUs lack convenient and secure partial updates mechanisms. Updates thus remain predominantly monolithic (firmware updates). To bridge this gap, we design PURR, a solution combining a formally verified memory partition mechanism (PIP), and tiny software virtualization (rBPF) which we integrate in a common operating system (RIOT). PURR enable secure software enclaves on microcontrollers with a memory protection unit (MPU), which can be updated securely over the network, and which can eXecute in Place (XiP) a small virtual machine following the eBPF instruction set architecture. We publish an open source implementation of PURR and we provide results of benchmarks on a popular Arm Cortex-M microcontroller. Our experiments show that the additional mechanisms guaranteeing PURR enclaves' (formally verified) security enable substantial rBPF execution speed improvements, while incurring a modest memory footprint overhead. |
|---|---|
| DOI: | 10.1109/dcoss-iot65416.2025.00039 |