Runtime Integrity Checking for Exploit Mitigation on Lightweight Embedded Devices

  title={Runtime Integrity Checking for Exploit Mitigation on Lightweight Embedded Devices},
  author={Matthias Neugschwandtner and Collin Mulliner and William K. Robertson and Engin Kirda},
Entering the age of the Internet of things, embedded devices are everywhere. They are built using common hardware such as RISC-based ARM and MIPS platforms, and lightweight open software components. Because of their limited resources, such systems often lack the protection mechanisms that have been introduced to the desktop and server world. In this paper, we present BINtegrity, a novel approach for exploit mitigation that is specifically tailored towards embedded systems that are based on the… 

Watchdog Monitoring for Detecting and Handling of Control Flow Hijack on RISC-V-based Binaries

A proof of concept in IP-CFI is presented which when applied to a vulnerable program, ROP is mitigated and the target program incurs a run-time overhead of 1.5%.

Securing Dynamic Firmware Updates of Mixed-Critical Applications

This work introduces a secure framework for runtime updating of firmware in Internet of Things devices that execute mixed-critical applications that ensure a practically isolated environment for the critical firmware with negligible overhead to the device in terms of performance and cost.



ARMlock: Hardware-based Fault Isolation for ARM

ARMlock is proposed, a hardware-based fault isolation for ARM that uniquely leverages the memory domain support in ARM processors to create multiple sandboxes and imposes virtually no structural constraints on untrusted modules.

Transparent ROP Exploit Mitigation Using Indirect Branch Tracing

KBouncer, a practical runtime ROP exploit prevention technique for the protection of third-party applications based on the detection of abnormal control transfers that take place during ROP code execution, has low runtime overhead when stressed with specially crafted workloads.

Control Flow Integrity for COTS Binaries

This work demonstrates that the first work to apply CFI to complex shared libraries such as glibc is effective against control-flow hijack attacks, and eliminates the vast majority of ROP gadgets.

Out of Control: Overcoming Control-Flow Integrity

As existing defenses like ASLR, DEP, and stack cookies are not sufficient to stop determined attackers from exploiting our software, interest in Control Flow Integrity (CFI) is growing. In its ideal

Paladin : Helping Programs Help Themselves with Internal System Call Interposition

Paladin is a simple, lightweight kernel extension that allows application developers to specify security policies on sub-components of an application and restricts trusted modules by limiting their system call behavior.

ROPecker: A Generic and Practical Approach For Defending Against ROP Attacks

This paper presents a novel system, ROPecker, to efficiently and effectively defend against ROP attacks without relying on any other side information (e.g., source code and compiler support) or binary rewriting.

SoK: Eternal War in Memory

The current knowledge about various protection techniques are systematized by setting up a general model for memory corruption attacks, and what policies can stop which attacks are shown, to analyze the reasons why protection mechanisms implementing stricter polices are not deployed.

HAFIX: Hardware-Assisted Flow Integrity eXtension

HAFIX provides fine-grained and practical protection, and serves as an enabling technology for future control-flow integrity instantiations, and demonstrates its security and efficiency in code-reuse protection while incurring only 2% performance overhead.

Counterfeit Object-oriented Programming: On the Difficulty of Preventing Code Reuse Attacks in C++ Applications

It is demonstrated that many of these defenses that do not consider object-oriented C++ semantics precisely can be generically bypassed in practice, and that even recently proposed defenses that specifically target C++ are vulnerable to COOP.

Code-pointer integrity

This chapter describes code-pointer integrity (CPI), a new design point that guarantees the integrity of all code pointers in a program and thereby prevents all control-flow hijack attacks that exploit memory corruption errors, including attacks that bypass control- flow integrity mechanisms, such as control-flows bending.