Handling Memory Corruption Faults In Sensor Networks

Typical sensor nodes use resource constrained micro-controllers where user level applications, operating system components, device drivers, etc., reside within a single address space with no form of memory protection. A programming error in an application can easily corrupt the state of the operating system and other software components on the node. To protect against such errors, we propose a two tier software scheme that achieves: (i) coarse grained memory protection of the operating system state, and (ii) fine grained detection of memory corruption and subsequent recovery of application components. Coarse grained memory protection is provided by creating and enforcing an application fault domain that restricts the memory accesses made by an application to a portion of the address space. The operating system state is stored outside the application fault domain and is therefore protected from memory corruption. Fine grained memory corruption detection and recovery is provided within the application fault domain. Memory corruption faults are detected by a run-time integrity verifier. The associated recovery mechanism restarts only the affected application module thereby achieving a low recovery time. We have implemented our scheme in the SOS operating system and tested it on a network of MicaZ nodes. Our evaluation shows that the scheme effectively handles memory corruption faults while having negligible impact on the performance and lifetime of real sensor network systems.