Leakage-proof program partitioning

Tao Zhang, Santosh Pande, André L. M. dos Santos, Franz Josef Bruecklmayr. Leakage-proof program partitioning. In Shuvra S. Bhattacharyya, Trevor N. Mudge, Wayne Wolf, Ahmed Amine Jerraya, editors, Proceedings of the International Conference on Compilers, Architectures and Synthesis for Embedded Systems, CASES 2002, Grenoble, France, October 8-11, 2002. pages 136-145, ACM, 2002.

Abstract

Due to the limited memory available (of the order of kilobytes) on embedded devices (such as smart cards), we undertake an approach of partitioning a whole program. The program partitions are downloaded from the server on demand into the embedded device just before execution. We devise a novel method of partitioning the code and data of the program such that no information regarding the control flow and behavior of the program is leaked out. In other words, by observing the program partitions that are downloaded from the server, one is unable to guess which branches are taken in the program. The partitioning scheme generates minimal safe program regions which do not reveal control flow information when transmitted on demand, but any further partitioning of which would reveal such information. Minimal safe regions allow minimal usage of memory on the embedded device and thus enable the maximum number of applications to reside simultaneously on the embedded device. The minimal safe regions can be merged on demand to create larger safe regions to improve runtime efficiency. The larger the number of regions to be downloaded on the device, the lower the performance of the application, and vice versa. Our approach handles this tradeoff between the number of simultaneous applications that would reside on the embedded device and the performance of each application. This approach is scalable both in the number of simultaneous applications and in the amount of memory available. The worst case performance degradation is shown to be below 10%, with the benefit of allowing arbitrarily large/multiple applications to be deployed.
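The leakage the abstract describes can be made concrete on a toy control-flow graph. The following is an added example written for this page, not the paper's algorithm or code: the CFG, the per-block download scheme, and the observer model are all constructed. It models what a channel observer sees (the sequence of first-time region fetches), shows that fetching one basic block at a time reveals which branch target was taken, and then groups blocks into regions by a conservative rule of the editor's own (every block control-dependent on a branch, i.e. lying between the branch and its post-dominator, is downloaded together with the branch). That rule is sufficient for leak-freedom on acyclic single-exit CFGs but is not claimed to produce the paper's minimal regions; a brute-force checker enumerates every branch outcome and confirms the observed trace no longer depends on them.

```python
"""Constructed illustration of control-flow leakage via on-demand code loading.

Not the paper's algorithm: the CFG below, the observer model and the region rule
are assumptions made for this example. Restricted to acyclic CFGs with a single
exit block reachable from every block, so that branch outcomes can be enumerated.
"""
from itertools import product

# Constructed CFG: block -> successors. Two successors = a conditional branch
# whose outcome is assumed to depend on secret data (e.g. an authentication check).
CFG = {
    "entry": ["check"],
    "check": ["ok", "fail"],
    "ok": ["log_ok"],
    "log_ok": ["exit"],
    "fail": ["exit"],
    "exit": [],
}


def execute(cfg, decisions):
    """Walk the CFG; `decisions` maps each branch block to the successor index taken."""
    path, block = ["entry"], "entry"
    while cfg[block]:
        succ = cfg[block]
        block = succ[decisions[block]] if len(succ) > 1 else succ[0]
        path.append(block)
    return path


def download_trace(path, region_of):
    """Observer's view: the order in which regions are first requested from the
    server. A region already resident on the device is not fetched again."""
    resident, trace = set(), []
    for block in path:
        region = region_of[block]
        if region not in resident:
            resident.add(region)
            trace.append(region)
    return trace


def is_leak_free(cfg, region_of):
    """True iff every assignment of branch outcomes yields the same observed trace."""
    branches = [b for b, s in cfg.items() if len(s) > 1]
    traces = set()
    for choice in product(*(range(len(cfg[b])) for b in branches)):
        decisions = dict(zip(branches, choice))
        traces.add(tuple(download_trace(execute(cfg, decisions), region_of)))
    return len(traces) == 1


def reachable(cfg, start, blocked=frozenset()):
    """Blocks reachable from `start` without entering any block in `blocked`."""
    seen, stack = set(), [start]
    while stack:
        n = stack.pop()
        if n in seen or n in blocked:
            continue
        seen.add(n)
        stack.extend(cfg[n])
    return seen


def post_dominators(cfg, node, exit_block="exit"):
    """Blocks that every path from `node` to the exit must pass through (brute force)."""
    return {n for n in cfg if exit_block not in reachable(cfg, node, blocked={n})}


def safe_regions(cfg):
    """Conservative partition (editor's rule): each branch block is grouped with
    every block that lies between it and its post-dominators, i.e. every block
    whose execution depends on the branch outcome. Nested branches merge into
    the enclosing region through union-find. Returns (block -> region id, regions)."""
    parent = {n: n for n in cfg}

    def find(n):
        while parent[n] != n:
            parent[n] = parent[parent[n]]
            n = parent[n]
        return n

    for branch, succ in cfg.items():
        if len(succ) < 2:
            continue
        stop = frozenset(post_dominators(cfg, branch) - {branch})
        for s in succ:
            for n in reachable(cfg, s, blocked=stop):
                parent[find(n)] = find(branch)

    region_of = {n: find(n) for n in cfg}
    regions = {}
    for n, r in region_of.items():
        regions.setdefault(r, set()).add(n)
    return region_of, list(regions.values())


if __name__ == "__main__":
    per_block = {n: n for n in CFG}
    print("one block per download leak-free:", is_leak_free(CFG, per_block))
    region_of, regions = safe_regions(CFG)
    print("regions:", regions)
    print("safe regions leak-free:", is_leak_free(CFG, region_of))
```

On the constructed CFG the per-block scheme lets the observer distinguish the `ok` path from the `fail` path by which blocks are fetched, while the grouped partition yields three regions (`entry`, the branch with both arms, `exit`) and an identical fetch sequence for either outcome. Merging regions further, as the abstract describes for runtime efficiency, can only keep this property, since a coarser partition never separates blocks that were together.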