What is it about?

Internet of Things (IoT) devices have been steadily gaining popularity, and this trend is likely to continue. Because of their constraints (e.g. performance, power, and cost), IoT devices have few or no security features. Run-time (in-memory) attacks exploit memory vulnerabilities in programs written in low-level languages (e.g. C/C++ and assembly) to escalate privilege or bypass safety checks. Relying on minimal security guarantees from modified hardware, this paper presents a novel control-flow integrity (CFI) design that effectively prevents run-time attacks on low-end IoT devices.

Why is it important?

Low-end devices are often based on 8- or 16-bit architectures, running at or below 48 MHz with less than 64 KB of memory, e.g. TI MSP430 and AVR ATMega32. Because resources are so limited, prior work on such devices mostly focused on control-flow attestation, which cannot defeat run-time attacks in real time. We construct a design that thwarts run-time attacks using semi-automatically generated code and minimal hardware support. At compile time, a few instructions are introduced to store/load control-flow-related data to/from a shadow stack (a secondary stack realized by hardware). If the data stored at compile time does not match the data at run time, the hardware triggers a reset, achieving control-flow integrity efficiently. To show its feasibility, the design is built atop CASU, which guarantees software immutability with small hardware changes.
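The shadow-stack check described above, modelled in plain C as an added example (not code from the paper or from CASU). The array stands in for the hardware shadow stack and the `reset_triggered` flag for the hardware reset; all function names, the stack depth, the overflow behaviour and the addresses are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SHADOW_DEPTH 8  /* assumed depth, kept small as on a low-end MCU */

/* Software model of the hardware shadow stack; all names are hypothetical. */
static uint16_t shadow[SHADOW_DEPTH];
static size_t shadow_top;
static bool reset_triggered;  /* stands in for the hardware reset */

static void shadow_init(void) { shadow_top = 0; reset_triggered = false; }

/* Inserted at a call: record the legitimate return address.
 * Assumption: running out of shadow-stack space also forces a reset. */
static void shadow_push(uint16_t ret_addr) {
    if (shadow_top == SHADOW_DEPTH) { reset_triggered = true; return; }
    shadow[shadow_top++] = ret_addr;
}

/* Inserted before a return: compare the address about to be used.
 * Returns false once a reset has been triggered. */
static bool shadow_check(uint16_t ret_addr) {
    if (shadow_top == 0 || shadow[--shadow_top] != ret_addr)
        reset_triggered = true;
    return !reset_triggered;
}

/* One call/return pair. `corrupt` models a memory bug that overwrites the
 * return address saved on the main stack while the callee runs. */
static bool simulate_call(uint16_t ret_addr, bool corrupt) {
    uint16_t main_stack_slot = ret_addr;  /* saved by the call itself */
    shadow_init();
    shadow_push(ret_addr);
    if (corrupt)
        main_stack_slot = 0xBEEF;         /* constructed bogus address */
    return shadow_check(main_stack_slot); /* false => device resets */
}

int main(void) {
    printf("benign return allowed: %d\n", simulate_call(0x4400, false));
    printf("hijacked return allowed: %d\n", simulate_call(0x4400, true));
    return 0;
}
```

The mismatch is caught at the return itself, before the corrupted address is used, which is the difference from attestation-only schemes that report a bad path after the fact.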

Read the Original

This page is a summary of: Poster: Control-Flow Integrity in Low-end Embedded Devices, November 2023, ACM (Association for Computing Machinery),
DOI: 10.1145/3576915.3624374.