License: Creative Commons Attribution 4.0 International license (CC BY 4.0)
When quoting this document, please refer to the following
DOI: 10.4230/LIPIcs.ECRTS.2022.18
URN: urn:nbn:de:0030-drops-163351
URL: http://dagstuhl.sunsite.rwth-aachen.de/volltexte/2022/16335/


Bellec, Nicolas ; Hiet, Guillaume ; Rokicki, Simon ; Tronel, Frederic ; Puaut, Isabelle

RT-DFI: Optimizing Data-Flow Integrity for Real-Time Systems



Abstract

The emergence of Real-Time Systems with increased connections to their environment has led to a greater demand for security in these systems. Memory corruption attacks, which modify the memory to trigger unexpected executions, are a significant threat to applications written in low-level languages. Data-Flow Integrity (DFI) is a protection that verifies that only a trusted source has written any loaded data. The overhead of such a security mechanism remains a major issue that limits its adoption. This article presents RT-DFI, a new approach that optimizes Data-Flow Integrity to reduce its overhead on the Worst-Case Execution Time. We model the number and order of the checks and use an Integer Linear Programming solver to optimize the protection on the Worst-Case Execution Path. Our approach protects the program against many memory-corruption attacks, including Return-Oriented Programming and Data-Only attacks. Moreover, our experimental results show that our optimization reduces the overhead by 7% on average compared to a state-of-the-art implementation.

BibTeX - Entry

@InProceedings{bellec_et_al:LIPIcs.ECRTS.2022.18,
  author =	{Bellec, Nicolas and Hiet, Guillaume and Rokicki, Simon and Tronel, Frederic and Puaut, Isabelle},
  title =	{{RT-DFI: Optimizing Data-Flow Integrity for Real-Time Systems}},
  booktitle =	{34th Euromicro Conference on Real-Time Systems (ECRTS 2022)},
  pages =	{18:1--18:24},
  series =	{Leibniz International Proceedings in Informatics (LIPIcs)},
  ISBN =	{978-3-95977-239-6},
  ISSN =	{1868-8969},
  year =	{2022},
  volume =	{231},
  editor =	{Maggio, Martina},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/opus/volltexte/2022/16335},
  URN =		{urn:nbn:de:0030-drops-163351},
  doi =		{10.4230/LIPIcs.ECRTS.2022.18},
  annote =	{Keywords: Real-time system, Software security, Data-flow integrity, Worst-case execution time}
}

Keywords: Real-time system, Software security, Data-flow integrity, Worst-case execution time
Collection: 34th Euromicro Conference on Real-Time Systems (ECRTS 2022)
Issue Date: 2022
Date of publication: 28.06.2022
Supplementary Material: Software: https://gitlab.inria.fr/nbellec1/rt-dfi

