An attack-immune trusted architecture for supervisory aircraft hardware

With the wide application of electronic hardware in aircraft such as air-to-ground communication, satellite communication, positioning system and so on, aircraft hardware is facing great secure pressure. Focusing on the secure problem of aircraft hardware, this paper proposes a supervisory control architecture based on secure System-on-a-Chip (SoC) system. The proposed architecture is attack-immune and trustworthy, which can support trusted escrow application and Dynamic Integrity Measurement (DIM) without interference. This architecture is characterized by a Trusted Monitoring System (TMS) hardware isolated from the Main Processor System (MPS), a secure access channel from TMS to the running memory of the MPS, and the channel is unidirectional. Based on this architecture, the DIM program running on TMS is used to measure and call the Lightweight Measurement Agent (LMA) program running on MPS. By this method, the Operating System (OS) kernel, key software and data of the MPS can be dynamically measured without disturbance, which makes it difficult for adversaries to attack through software. Besides, this architecture has been fully verified on FPGA prototype system. Compared with the existing systems, our architecture achieves higher security and is more efficient on DIM, which can fully supervise the running of application and aircraft hardware OS.