CFI CaRE: Hardware-supported Call and Return Enforcement for Commercial Microcontrollers

@article{Nyman2017CFICH,
  title={CFI CaRE: Hardware-supported Call and Return Enforcement for Commercial Microcontrollers},
  author={Thomas Nyman and J. Ekberg and L. Davi and N. Asokan},
  journal={ArXiv},
  year={2017},
  volume={abs/1706.05715}
}
  • Thomas Nyman, J. Ekberg, +1 author N. Asokan
  • Published 2017
  • Computer Science
  • ArXiv
  • With the increasing scale of deployment of Internet of Things (IoT), concerns about IoT security have become more urgent. [...] Key Method CaRE uses a novel way of protecting the CFI metadata by leveraging TrustZone-M security extensions introduced in the ARMv8-M architecture. Its binary instrumentation approach preserves the memory layout of the target MCU software, allowing pre-built bare-metal binary code to be protected by CaRE. We describe our implementation on a Cortex-M Prototyping System and demonstrate…Expand Abstract
    Exploiting Memory Corruption Vulnerabilities in Connman for IoT Devices
    1
    On Runtime Software Security of TrustZone-M based IoT Devices
    µRAI: Securing Embedded Systems with Return Address Integrity
    2
    BenchIoT: A Security Benchmark for the Internet of Things
    3
    Towards Hardware-Assisted Security for IoT Systems
    TZmCFI: RTOS-Aware Control-Flow Integrity Using TrustZone for Armv8-M
    Towards Hardware-Assisted Security for IoT Systems ( Invited )

    References

    Publications referenced by this paper.
    SHOWING 1-10 OF 43 REFERENCES
    Secure interrupts on low-end microcontrollers
    10
    MoCFI: A Framework to Mitigate Control-Flow Attacks on Smartphones
    145
    DisARM: Mitigating Buffer Overflow Attacks on Embedded Devices
    14
    SMART: Secure and Minimal Architecture for (Establishing a Dynamic) Root of Trust
    180
    TrustLite: a security architecture for tiny embedded devices
    198
    Sancus: Low-cost Trustworthy Extensible Networked Devices with a Zero-software Trusted Computing Base
    157
    Defending embedded systems against control flow attacks
    94
    SoK: Eternal War in Memory
    410
    Control-Flow Integrity for Real-Time Embedded Systems
    10