Schloss Dagstuhl - Leibniz-Zentrum für Informatik GmbH
Walls, Robert J.; Brown, Nicholas F.; Le Baron, Thomas; Shue, Craig A.; Okhravi, Hamed; Ward, Bryan C.
License: Creative Commons Attribution 3.0 Unported license (CC-BY 3.0)
When quoting this document, please refer to the following URN: urn:nbn:de:0030-drops-107397


Control-Flow Integrity for Real-Time Embedded Systems



Attacks on real-time embedded systems can endanger lives and critical infrastructure. Despite this, techniques for securing embedded systems software have not been widely studied. Many existing security techniques for general-purpose computers rely on assumptions that do not hold in the embedded case. This paper focuses on one such technique, control-flow integrity (CFI), that has been vetted as an effective countermeasure against control-flow hijacking attacks on general-purpose computing systems. Without the process isolation and fine-grained memory protections provided by a general-purpose computer with a rich operating system, CFI cannot provide any security guarantees. This work proposes RECFISH, a system for providing CFI guarantees on ARM Cortex-R devices running minimal real-time operating systems. We provide techniques for protecting runtime structures, isolating processes, and instrumenting compiled ARM binaries with CFI protection. We empirically evaluate RECFISH and its performance implications for real-time systems. Our results suggest RECFISH can be directly applied to binaries without compromising real-time performance; in a test of over six million realistic task systems running FreeRTOS, 85% were still schedulable after adding RECFISH.

BibTeX - Entry

  author =	{Robert J. Walls and Nicholas F. Brown and Thomas Le Baron and Craig A. Shue and Hamed Okhravi and Bryan C. Ward},
  title =	{{Control-Flow Integrity for Real-Time Embedded Systems}},
  booktitle =	{31st Euromicro Conference on Real-Time Systems (ECRTS 2019)},
  pages =	{2:1--2:24},
  series =	{Leibniz International Proceedings in Informatics (LIPIcs)},
  ISBN =	{978-3-95977-110-8},
  ISSN =	{1868-8969},
  year =	{2019},
  volume =	{133},
  editor =	{Sophie Quinton},
  publisher =	{Schloss Dagstuhl--Leibniz-Zentrum fuer Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{},
  URN =		{urn:nbn:de:0030-drops-107397},
  doi =		{10.4230/LIPIcs.ECRTS.2019.2},
  annote =	{Keywords: Control-flow integrity}

Keywords: Control-flow integrity
Seminar: 31st Euromicro Conference on Real-Time Systems (ECRTS 2019)
Issue date: 2019
Date of publication: 02.07.2019
