The reviewed record of science sign in
Pith

arxiv: 2309.10396 · v2 · pith:JSGPCJIT · submitted 2023-09-19 · cs.CR

Poster: Control-Flow Integrity in Low-end Embedded Devices

Reviewed by Pith T0 review T1 audit T2 compute T3 formal T4 kernel pith:JSGPCJITrecord.jsonopen to challenge →

classification cs.CR
keywords devicesintegritysecurityrun-timesoftwareattackscasucontrol-flow
0
0 comments X
read the original abstract

Embedded, smart, and IoT devices are increasingly popular in numerous everyday settings. Since lower-end devices have the most strict cost constraints, they tend to have few, if any, security features. This makes them attractive targets for exploits and malware. Prior research proposed various security architectures for enforcing security properties for resource-constrained devices, e.g., via Remote Attestation (RA). Such techniques can (statically) verify software integrity of a remote device and detect compromise. However, run-time (dynamic) security, e.g., via Control-Flow Integrity (CFI), is hard to achieve. This work constructs an architecture that ensures integrity of software execution against run-time attacks, such as Return-Oriented Programming (ROP). It is built atop a recently proposed CASU -- a low-cost active Root-of-Trust (RoT) that guarantees software immutability. We extend CASU to support a shadow stack and a CFI monitor to mitigate run-time attacks. This gives some confidence that CFI can indeed be attained even on low-end devices, with minimal hardware overhead.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.