23
views
0
recommends
+1 Recommend
0 collections
    0
    shares
      • Record: found
      • Abstract: found
      • Article: found
      Is Open Access

      CFI CaRE: Hardware-supported Call and Return Enforcement for Commercial Microcontrollers

      Preprint
      , , ,

      Read this article at

      Bookmark
          There is no author summary for this article yet. Authors can add summaries to their articles on ScienceOpen to make them more accessible to a non-specialist audience.

          Abstract

          With the increasing scale of deployment of Internet of Things (IoT), concerns about IoT security have become more urgent. In particular, memory corruption attacks play a predominant role as they allow remote compromise of IoT devices. Control-flow integrity (CFI) is a promising and generic defense technique against these attacks. However, given the nature of IoT deployments, existing protection mechanisms for traditional computing environments (including CFI) need to be adapted to the IoT setting. In this paper, we describe the challenges of enabling CFI on microcontroller (MCU) based IoT devices. We then present CaRE, the first interrupt-aware CFI scheme for low-end MCUs. CaRE uses a novel way of protecting the CFI metadata by leveraging TrustZone-M security extensions introduced in the ARMv8-M architecture. Its binary instrumentation approach preserves the memory layout of the target MCU software, allowing pre-built bare-metal binary code to be protected by CaRE. We describe our implementation on a Cortex-M Prototyping System and demonstrate that CaRE is secure while imposing acceptable performance and memory impact.

          Related collections

          Most cited references9

          • Record: found
          • Abstract: not found
          • Conference Proceedings: not found

          The geometry of innocent flesh on the bone

            Bookmark
            • Record: found
            • Abstract: not found
            • Conference Proceedings: not found

            Return-oriented programming without returns

              Bookmark
              • Record: found
              • Abstract: not found
              • Conference Proceedings: not found

              SoK: Eternal War in Memory

                Bookmark

                Author and article information

                Journal
                2017-06-18
                Article
                1706.05715
                fab587d1-8f72-46fe-bbf0-f5cf996adabd

                http://arxiv.org/licenses/nonexclusive-distrib/1.0/

                History
                Custom metadata
                Author's version of paper to appear in the 20th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2017)
                cs.CR

                Security & Cryptology
                Security & Cryptology

                Comments

                Comment on this article