軟體定義衛星透過更新FPGA韌體執行不同的衛星任務。為了遠端更新的安全性,我們提出了軟體定義衛星的防竄改系統TrustFURE。現有的更新方案致力於可恢復性、動態更新和傳輸安全,但是對韌體的攻擊缺乏考量。 TrustFURE禁用豐富執行環境(REE)中的FPGA配置介面。 TrustFURE還在可信執行環境(TEE)中實現用於FPGA更新的可信應用程式和安全驅動程式,以防止攻擊者竄改或竊取韌體。此外,為了使衛星運作可靠,TrustFURE還整合故障恢復機制,使衛星能夠自我檢測故障並恢復正常運作。最後,我們在Xilinx的ARM/FPGA系統晶片開發板上實驗並分析了我們的實作,證明了它的安全性、可靠性和低開銷。;Software defined satellites perform different space missions by updating the FPGA firmware. To perform the secure remote update, we propose TrustFURE, a tamper resistance system on software defined satellite. Existing update schemes are dedicated to recoverability, dynamic updates and transport security, but they do not consider attacks on the firmware. TrustFURE disables the FPGA configuration interface in Rich Execution Environment (REE). TrustFURE also includes trusted applications and security drivers for FPGA updates, which are implemented in Trusted Execution Environment (TEE) to prevent attackers from tampering with or stealing firmware. In addition, to make the satellite operation reliable, TrustFURE also integrates failure recovery mechanism, so that the satellite can detect its failure and return to normal operation. Finally, we evaluated our implementation on Xilinx ARM/FPGA SoC development board, illustrating its security, reliability and low overhead.
