License: Creative Commons Attribution 3.0 Unported license (CC BY 3.0)
When quoting this document, please refer to the following
DOI: 10.4230/LIPIcs.ECRTS.2019.2
URN: urn:nbn:de:0030-drops-107397
URL: http://dagstuhl.sunsite.rwth-aachen.de/volltexte/2019/10739/
Walls, Robert J.; Brown, Nicholas F.; Le Baron, Thomas; Shue, Craig A.; Okhravi, Hamed; Ward, Bryan C.
Control-Flow Integrity for Real-Time Embedded Systems
Abstract
Attacks on real-time embedded systems can endanger lives and critical infrastructure. Despite this, techniques for securing embedded systems software have not been widely studied. Many existing security techniques for general-purpose computers rely on assumptions that do not hold in the embedded case. This paper focuses on one such technique, control-flow integrity (CFI), that has been vetted as an effective countermeasure against control-flow hijacking attacks on general-purpose computing systems. Without the process isolation and fine-grained memory protections provided by a general-purpose computer with a rich operating system, CFI cannot provide any security guarantees. This work proposes RECFISH, a system for providing CFI guarantees on ARM Cortex-R devices running minimal real-time operating systems. We provide techniques for protecting runtime structures, isolating processes, and instrumenting compiled ARM binaries with CFI protection. We empirically evaluate RECFISH and its performance implications for real-time systems. Our results suggest RECFISH can be directly applied to binaries without compromising real-time performance; in a test of over six million realistic task systems running FreeRTOS, 85% were still schedulable after adding RECFISH.
BibTeX - Entry
@InProceedings{walls_et_al:LIPIcs:2019:10739,
author = {Robert J. Walls and Nicholas F. Brown and Thomas Le Baron and Craig A. Shue and Hamed Okhravi and Bryan C. Ward},
title = {{Control-Flow Integrity for Real-Time Embedded Systems}},
booktitle = {31st Euromicro Conference on Real-Time Systems (ECRTS 2019)},
pages = {2:1--2:24},
series = {Leibniz International Proceedings in Informatics (LIPIcs)},
ISBN = {978-3-95977-110-8},
ISSN = {1868-8969},
year = {2019},
volume = {133},
editor = {Sophie Quinton},
publisher = {Schloss Dagstuhl--Leibniz-Zentrum fuer Informatik},
address = {Dagstuhl, Germany},
URL = {http://drops.dagstuhl.de/opus/volltexte/2019/10739},
URN = {urn:nbn:de:0030-drops-107397},
doi = {10.4230/LIPIcs.ECRTS.2019.2},
annote = {Keywords: Control-flow integrity}
}
Keywords: Control-flow integrity
Collection: 31st Euromicro Conference on Real-Time Systems (ECRTS 2019)
Issue Date: 2019
Date of publication: 02.07.2019