License: Creative Commons Attribution 3.0 Unported license (CC BY 3.0)
When quoting this document, please refer to the following
DOI: 10.4230/LIPIcs.ECRTS.2019.2
URN: urn:nbn:de:0030-drops-107397
URL: http://dagstuhl.sunsite.rwth-aachen.de/volltexte/2019/10739/
Go to the corresponding LIPIcs Volume Portal

Walls, Robert J. ; Brown, Nicholas F. ; Le Baron, Thomas ; Shue, Craig A. ; Okhravi, Hamed ; Ward, Bryan C.

Control-Flow Integrity for Real-Time Embedded Systems

pdf-format:
LIPIcs-ECRTS-2019-2.pdf (0.5 MB)

Abstract

Attacks on real-time embedded systems can endanger lives and critical infrastructure. Despite this, techniques for securing embedded systems software have not been widely studied. Many existing security techniques for general-purpose computers rely on assumptions that do not hold in the embedded case. This paper focuses on one such technique, control-flow integrity (CFI), that has been vetted as an effective countermeasure against control-flow hijacking attacks on general-purpose computing systems. Without the process isolation and fine-grained memory protections provided by a general-purpose computer with a rich operating system, CFI cannot provide any security guarantees. This work proposes RECFISH, a system for providing CFI guarantees on ARM Cortex-R devices running minimal real-time operating systems. We provide techniques for protecting runtime structures, isolating processes, and instrumenting compiled ARM binaries with CFI protection. We empirically evaluate RECFISH and its performance implications for real-time systems. Our results suggest RECFISH can be directly applied to binaries without compromising real-time performance; in a test of over six million realistic task systems running FreeRTOS, 85% were still schedulable after adding RECFISH.

BibTeX - Entry

@InProceedings{walls_et_al:LIPIcs:2019:10739,
  author =	{Robert J. Walls and Nicholas F. Brown and Thomas Le Baron and Craig A. Shue and Hamed Okhravi and Bryan C. Ward},
  title =	{{Control-Flow Integrity for Real-Time Embedded Systems}},
  booktitle =	{31st Euromicro Conference on Real-Time Systems (ECRTS 2019)},
  pages =	{2:1--2:24},
  series =	{Leibniz International Proceedings in Informatics (LIPIcs)},
  ISBN =	{978-3-95977-110-8},
  ISSN =	{1868-8969},
  year =	{2019},
  volume =	{133},
  editor =	{Sophie Quinton},
  publisher =	{Schloss Dagstuhl--Leibniz-Zentrum fuer Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{http://drops.dagstuhl.de/opus/volltexte/2019/10739},
  URN =		{urn:nbn:de:0030-drops-107397},
  doi =		{10.4230/LIPIcs.ECRTS.2019.2},
  annote =	{Keywords: Control-flow integrity}
}

Keywords: Control-flow integrity
Collection: 31st Euromicro Conference on Real-Time Systems (ECRTS 2019)
Issue Date: 2019
Date of publication: 02.07.2019

DROPS-Home | Fulltext Search | Imprint | Privacy Published by LZI