MPI: Memory Protection for Intermittent Computing

Batteryless devices harvest energy from sporadic ambient sources, enabling a wide range of long-lived, stand-alone, and environmentally-friendly sustainable applications. Software on these devices operates intermittently due to frequent power failures. Each power failure leads the device to lose its computational state that hinders the forward progress of computation and memory consistency. One solution to remedy this situation is to pair programs with checkpoints to save a snapshot of the intermediate program state to non-volatile memory before a power loss. Due to the lack of protection mechanisms in the state-of-the-art intermittent systems, checkpoints can be altered either by programmer errors or deliberately by an attacker. This situation leads to catastrophic effects since the program execution might be corrupted, and in turn, the device might malfunction. In this paper, we propose MPI, a memory protection mechanism for intermittent computing systems. In particular, MPI is a minimal intermittent-compliant trusted computing base acting as a hypervisor that fully manages and protects the underlying memory of a batteryless device. MPI enables a reliable and secure generation and restoration of checkpoints, maintaining their integrity and access control in the presence of remote software-based attacks without trusting the user program or requiring programmer intervention. Notable is that MPI neither requires hardware modifications nor depends on hardware features that might not exist in all batteryless platforms. Our experiments on a real batteryless platform show that MPI provides stronger security guarantees compared to the state-of-the-art approaches, with a comparable time and energy overhead.