Abe Clements - Purdue University
Students: Fall 2021, unless noted otherwise, sessions will be virtual on Zoom.
Protecting Bare-metal Embedded Systems from Memory Corruption Attacks
Aug 22, 2018Download: MP4 Video Size: 125.1MB
Watch on YouTube
AbstractEmbedded systems are used in every aspect of modern life. The Internet of Things is comprised of millions of these interconnected systems many of which are low cost bare-metal systems, executing without an operating system. These systems rarely employ security protections. Their development assumptions of unrestricted access to all memory and instructions and constraints on runtime, energy, and memory makes applying protections particularly challenging. I will present recent two recent techniques EPOXY (IEEE S&P 2017) and ACES (USENIX Security 2018), that harden bare-metal systems against memory corruption attacks.
EPOXY is an LLVM based embedded compiler that uses a novel technique, called privilege overlaying, wherein operations requiring privileged execution are identified and only these operations execute in privileged mode. This provides the foundation on which code-integrity, adapted control-flow hijacking defenses, and protections for sensitive IO are applied. EPOXY also employs fine-grained randomization schemes, that work within the constraints of bare-metal systems to provide further protection against control-flow and data corruption attacks.
These defenses prevent code injection attacks and ROP attacks from scaling across large sets of devices. EPOXY’s evaluation on case study applications shows that EPOXY has, on average, a 1.8% increase in execution time and a 0.5% increase in energy usage.
ACES is another LLVM-based compiler that automatically infers and enforces inter-component isolation on bare-metal systems, thus applying the principle of least privileges. ACES takes a developer-specified compartmentalization policy and then automatically creates an instrumented binary that isolates compartments at runtime, while handling the hardware limitations of bare-metal embedded devices. ACES evaluation shows that ACES’ compartments can have low runtime overheads (13% on our largest test application), while using 59% less Flash, and 84% less RAM than the
Mbed uVisor—the current state-of-the-art compartmentalization technique for bare-metal systems. ACES‘ compartments protect the integrity of privileged data, provide control-flow integrity between compartments.
About the Speaker
Abe Clements is Senior Member of Technical Staff at Sandia National Laboratories and 4th year PhD student at Purdue University. He started at Sandia in 2010 where he worked primarily in industrial control system cyber security. In 2015 he was selected for Sandia’s Doctoral Studies Program and came to Purdue for his doctoral studies. His PhD research focuses on using static and dynamic program analysis to create and deploy memory protection mechanisms for embedded systems. He is co-advised by Saurabh Bagchi (ECE) and Mathias Payer (CS). He holds a B.S. and M.S. Electrical Engineering from Utah State University.