Journal Article
Stack Redundancy to Thwart Return Oriented Programming in Embedded Systems
Cyril Bresch, David Hely, Athanasios Papadimitriou, Adrien Michelet-Gignoux, Laurent Amato, Thomas Meyer +5 more
TL;DR: A hardware-based countermeasure against return address corruption in the processor stack is proposed and validated on the OpenRISC core with a minimal hardware modification of the targeted core and an easy integration at the application level.

Abstract:
With the emergence of the Internet of Things, embedded devices are increasingly the target of software attacks. The aim of these attacks is to maliciously modify the behavior of the software being executed by the device. The work presented in this letter has been developed for the Cyber Security Awareness Week Embedded Security Challenge. This contest focuses on memory corruption issues, such as stack overflow vulnerabilities. These low-level vulnerabilities are the result of code errors. Once exploited, they allow an attacker to write arbitrary data in memory without limitations. We detail in this letter a hardware-based countermeasure against return address corruption in the processor stack. First, several exploitation techniques targeting stack return addresses are discussed; then a lightweight hardware countermeasure is proposed and validated on the OpenRISC core. The countermeasure presented follows the shadow stack concept with a minimal hardware modification of the targeted core and an easy integration at the application level.
Citations
Proceedings Article
FIXER: Flow Integrity Extensions for Embedded RISC-V
TL;DR: In this paper, the authors propose FIXER, a hardware implemented security extension to RISC-V that provides a defense mechanism against buffer overflow and return-oriented programming (ROP) attacks.
Journal Article
Hardware Assisted Buffer Protection Mechanisms for Embedded RISC-V
TL;DR: A physically unclonable function (PUF)-based randomized canary generation technique is employed that removes the need to store the sensitive canary words in memory or CPU registers, thereby being more secure, while incurring low overheads.
Proceedings Article
Assessment of Buffer Overflow Based Attacks On an IoT Operating System
Gary Mullen, Liam Meany +1 more
TL;DR: Numerical assessments are presented of the vulnerability of the devices that comprise the Internet of Things to a class of attacks based on triggering buffer overflows, together with the deficiencies of the prevention measures provided in FreeRTOS.
Journal Article
An M-Cache-Based Security Monitoring and Fault Recovery Architecture for Embedded Processor
TL;DR: An architecture for security monitoring and fault recovery during run-time program execution is proposed, which builds a Monitoring Cache (M-Cache), checks integrity against reference data, and performs a rollback operation after an unsuccessful integrity check.
Proceedings Article
CFI: Control Flow Integrity or Control Flow Interruption?
TL;DR: This paper focuses on some of the CFI-based defenses and shows how the unexpected trigger of an interrupt and the sudden execution of an Interrupt Service Routine (ISR) can circumvent them.
References
Proceedings Article
Return-oriented programming without returns
Stephen Checkoway, Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Hovav Shacham, Marcel Winandy +5 more
TL;DR: It is shown that on both the x86 and ARM architectures it is possible to mount return-oriented programming attacks without using return instructions, and these attacks instead make use of certain instruction sequences that behave like a return.
Proceedings Article
Jump-oriented programming: a new class of code-reuse attack
TL;DR: This paper introduces a new class of code-reuse attack, called jump-oriented programming, which eliminates the reliance on the stack and ret instructions (including ret-like instructions such as pop+jmp) seen in return-oriented programming without sacrificing expressive power.
Proceedings Article
Just-In-Time Code Reuse: On the Effectiveness of Fine-Grained Address Space Layout Randomization
Kevin Z. Snow, Fabian Monrose, Lucas Davi, Alexandra Dmitrienko, Christopher Liebchen, Ahmad-Reza Sadeghi +5 more
TL;DR: This paper introduces the design and implementation of a framework based on a novel attack strategy that undermines the benefits of fine-grained ASLR by exploiting the ability to repeatedly abuse a memory disclosure to map an application's memory layout on the fly.
Proceedings Article
Data-Oriented Programming: On the Expressiveness of Non-control Data Attacks
TL;DR: This paper builds 3 end-to-end attacks to bypass randomization defenses without leaking addresses, to run a network bot which takes commands from the attacker, and to alter the memory permissions, demonstrating how the expressiveness offered by DOP significantly empowers the attacker.
Related Papers (5)
Lightweight Hardware Return Address and Stack Frame Tracking to Prevent Function Return Address Attack
Wen-Fu Kao, S. Felix Wu +1 more