Protecting Bare-metal Embedded Systems from Memory Corruption Attacks
Abe Clements - Purdue University
Aug 22, 2018
Size: 125.1MB
Abstract

Embedded systems are used in every aspect of modern life. The Internet of Things is comprised of millions of these interconnected systems, many of which are low-cost bare-metal systems executing without an operating system. These systems rarely employ security protections. Their development assumption of unrestricted access to all memory and instructions, together with constraints on runtime, energy, and memory, makes applying protections particularly challenging. I will present two recent techniques, EPOXY (IEEE S&P 2017) and ACES (USENIX Security 2018), that harden bare-metal systems against memory corruption attacks.
EPOXY is an LLVM-based embedded compiler that uses a novel technique, called privilege overlaying, wherein operations requiring privileged execution are identified and only these operations execute in privileged mode. This provides the foundation on which code integrity, adapted control-flow hijacking defenses, and protections for sensitive IO are applied. EPOXY also employs fine-grained randomization schemes that work within the constraints of bare-metal systems to provide further protection against control-flow and data corruption attacks.
These defenses prevent code injection attacks and ROP attacks from scaling across large sets of devices. EPOXY’s evaluation on case study applications shows that EPOXY has, on average, a 1.8% increase in execution time and a 0.5% increase in energy usage.
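The following is an added host-side model of the privilege-overlaying idea described above; it is not EPOXY's code. On a real Cortex-M device EPOXY enforces this with the MPU and the processor's privileged/unprivileged modes; here the address map, the MPU-style write policy, and the elevate/drop wrapper are all constructed in plain C (assumptions, not taken from any device or from the EPOXY paper) so that the pattern, in which only the identified operations run privileged and everything else runs unprivileged, can be exercised and counted on a workstation.

```c
/* Host-side model of privilege overlaying (added example, not EPOXY's code).
 * The address map, the write policy and the elevation wrapper are constructed
 * stand-ins for what the MPU, SVC and CONTROL register do on a real MCU. */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

typedef enum { UNPRIV = 0, PRIV = 1 } priv_t;

/* Constructed address map (assumption; not a real device's layout). */
#define FLASH_BASE  0x08000000u
#define FLASH_SIZE  0x00010000u
#define RAM_BASE    0x20000000u
#define RAM_SIZE    0x00004000u
#define PERIPH_BASE 0x40000000u
#define PERIPH_SIZE 0x00010000u

static priv_t  cur_priv = UNPRIV;          /* the application runs unprivileged by default */
static uint32_t ram[RAM_SIZE / 4];
static uint32_t periph[PERIPH_SIZE / 4];
static unsigned faults = 0, priv_ops = 0, total_ops = 0;

static bool in_region(uint32_t a, uint32_t base, uint32_t size) {
    return a >= base && a - base < size;
}

/* MPU-style policy: flash is never writable (code integrity), RAM is writable
 * by anyone, peripherals are writable only while privileged (sensitive IO). */
bool write_allowed(uint32_t addr, priv_t p) {
    if (in_region(addr, FLASH_BASE, FLASH_SIZE))   return false;
    if (in_region(addr, RAM_BASE, RAM_SIZE))       return true;
    if (in_region(addr, PERIPH_BASE, PERIPH_SIZE)) return p == PRIV;
    return false;                                   /* unmapped */
}

/* Every store passes through here; on hardware the MPU performs this check. */
static bool store32(uint32_t addr, uint32_t val) {
    total_ops++;
    if (cur_priv == PRIV) priv_ops++;
    if (!write_allowed(addr, cur_priv)) { faults++; return false; }  /* would be a MemManage fault */
    if (in_region(addr, RAM_BASE, RAM_SIZE)) ram[(addr - RAM_BASE) / 4] = val;
    else periph[(addr - PERIPH_BASE) / 4] = val;
    return true;
}

/* The overlay: a wrapper the compiler would insert around ONLY an identified
 * privileged operation. Elevate, perform the single store, drop back at once. */
static bool privileged_store32(uint32_t addr, uint32_t val) {
    priv_t saved = cur_priv;
    cur_priv = PRIV;                    /* on hardware: SVC into the privileged handler */
    bool ok = store32(addr, val);
    cur_priv = saved;                   /* on hardware: write CONTROL to return to unprivileged */
    return ok;
}

static void reset_model(void) {
    cur_priv = UNPRIV;
    memset(ram, 0, sizeof ram);
    memset(periph, 0, sizeof periph);
    faults = priv_ops = total_ops = 0;
}

uint32_t read_periph(uint32_t addr) { return periph[(addr - PERIPH_BASE) / 4]; }
priv_t   current_priv(void)         { return cur_priv; }

/* Constructed application: eight ordinary RAM stores plus one peripheral
 * configuration write. Returns how many of the nine stores ran privileged. */
unsigned run_app_with_overlay(void) {
    reset_model();
    for (uint32_t i = 0; i < 8; i++) store32(RAM_BASE + 4 * i, i);
    privileged_store32(PERIPH_BASE + 0x100, 0x1u);
    return priv_ops;                    /* 1 of 9: the privileged window is one operation wide */
}

/* Defender's check: stores that a corrupted unprivileged path might attempt
 * against flash or a peripheral are rejected by the policy. Returns the fault count. */
unsigned count_blocked_unprivileged_writes(void) {
    reset_model();
    store32(FLASH_BASE + 0x10, 0xDEADBEEFu);    /* code region: never writable */
    store32(PERIPH_BASE + 0x100, 0x0u);         /* sensitive IO without the overlay */
    return faults;
}

int main(void) {
    printf("privileged ops in app run: %u\n", run_app_with_overlay());
    printf("peripheral register now:   0x%x\n", read_periph(PERIPH_BASE + 0x100));
    printf("blocked unprivileged writes: %u\n", count_blocked_unprivileged_writes());
    return 0;
}
```

The point the counters make is the one the abstract makes: the application spends almost all of its time unprivileged, the window in which a peripheral write is legal is a single wrapped operation, and a store that reaches flash or a peripheral from anywhere else is rejected by the policy rather than by the application's own discipline.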
ACES is another LLVM-based compiler that automatically infers and enforces inter-component isolation on bare-metal systems, thus applying the principle of least privilege. ACES takes a developer-specified compartmentalization policy and then automatically creates an instrumented binary that isolates compartments at runtime, while handling the hardware limitations of bare-metal embedded devices. ACES' evaluation shows that its compartments can have low runtime overheads (13% on our largest test application) while using 59% less Flash and 84% less RAM than Mbed uVisor, the current state-of-the-art compartmentalization technique for bare-metal systems. ACES' compartments protect the integrity of privileged data and provide control-flow integrity between compartments.
About the Speaker

Abe Clements is a Senior Member of Technical Staff at Sandia National Laboratories and a 4th-year PhD student at Purdue University. He started at Sandia in 2010, where he worked primarily in industrial control system cyber security. In 2015 he was selected for Sandia's Doctoral Studies Program and came to Purdue for his doctoral studies. His PhD research focuses on using static and dynamic program analysis to create and deploy memory protection mechanisms for embedded systems. He is co-advised by Saurabh Bagchi (ECE) and Mathias Payer (CS). He holds a B.S. and an M.S. in Electrical Engineering from Utah State University.
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos is the property of Purdue University, the presenter and/or the presenter's organization, and is protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website are the exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.