Poster: Control-Flow Integrity in Low-end Embedded Devices

• URL: http://arxiv.org/abs/2309.10396v2
• Date: Wed, 20 Sep 2023 07:20:56 GMT
• Title: Poster: Control-Flow Integrity in Low-end Embedded Devices
• Authors: Sashidhar Jakkamsetti, Youngil Kim, Andrew Searles, Gene Tsudik,
• Abstract summary: This work constructs an architecture that ensures integrity of software execution against run-time attacks. It is built atop a recently proposed CASU -- a low-cost active Root-of-Trust (RoT) that guarantees software immutability.
• Score: 12.193184827858326
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Embedded, smart, and IoT devices are increasingly popular in numerous everyday settings. Since lower-end devices have the most strict cost constraints, they tend to have few, if any, security features. This makes them attractive targets for exploits and malware. Prior research proposed various security architectures for enforcing security properties for resource-constrained devices, e.g., via Remote Attestation (RA). Such techniques can (statically) verify software integrity of a remote device and detect compromise. However, run-time (dynamic) security, e.g., via Control-Flow Integrity (CFI), is hard to achieve. This work constructs an architecture that ensures integrity of software execution against run-time attacks, such as Return-Oriented Programming (ROP). It is built atop a recently proposed CASU -- a low-cost active Root-of-Trust (RoT) that guarantees software immutability. We extend CASU to support a shadow stack and a CFI monitor to mitigate run-time attacks. This gives some confidence that CFI can indeed be attained even on low-end devices, with minimal hardware overhead.

Related papers

• R5Detect: Detecting Control-Flow Attacks from Standard RISC-V Enclaves [0.0]
  R5Detect is a security monitoring software that detects and prevents control-flow attacks on unmodified RISC-V standard architectures. We implement and evaluate R5Detect on standard low-power RISC-V devices and show that such security features can be effectively used with minimal hardware support.
  arXiv  Detail & Related papers  (2024-04-04T19:32:45Z)
• Cryptographically Assured Information Flow: Assured Remote Execution [0.0]
  Assured Remote Execution on a device is the ability of suitably authorized parties to construct secure channels with known processes. We show that a simple hardware-level mechanism called Cryptographically Assured Information Flow (CAIF) enables Assured Remote Execution.
  arXiv  Detail & Related papers  (2024-02-04T22:47:03Z)
• Is Your Kettle Smarter Than a Hacker? A Scalable Tool for Assessing Replay Attack Vulnerabilities on Consumer IoT Devices [1.5612101323427952]
  ENISA and NIST security guidelines emphasize the importance of enabling default local communication for safety and reliability. We propose a tool, named REPLIOT, able to test whether a replay attack is successful or not, without prior knowledge of the target devices. We find that 75% of the remaining devices are vulnerable to replay attacks with REPLIOT having a detection accuracy of 0.98-1.
  arXiv  Detail & Related papers  (2024-01-22T18:24:41Z)
• HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
  Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs) TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks. We address the above with HasTEE+, a domain-specific language (cla) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
  arXiv  Detail & Related papers  (2024-01-17T00:56:23Z)
• Towards Remotely Verifiable Software Integrity in Resource-Constrained IoT Devices [18.163077388258618]
  Low-cost security architectures have been proposed for remote verification of their software state via integrity proofs. This article provides a holistic and systematic treatment of this family of architectures. It also compares (qualitatively and quantitatively) the types of software integrity proofs, respective architectural support, and associated costs.
  arXiv  Detail & Related papers  (2024-01-09T01:50:21Z)
• TitanCFI: Toward Enforcing Control-Flow Integrity in the Root-of-Trust [4.444373990868152]
  TitanCFI modifies the commit stage of a protected core to stream control flow instructions to the RoT. It avoids the design of custom IPs and the modification of the compilation toolchain. It exploits the RoT tamper-proof storage and cryptographic accelerators to secure metadata.
  arXiv  Detail & Related papers  (2024-01-04T22:58:33Z)
• Classification of cyber attacks on IoT and ubiquitous computing devices [49.1574468325115]
  This paper provides a classification of IoT malware. Major targets and used exploits for attacks are identified and referred to the specific malware. The majority of current IoT attacks continue to be of comparably low effort and level of sophistication and could be mitigated by existing technical measures.
  arXiv  Detail & Related papers  (2023-12-01T16:10:43Z)
• SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices [67.65883495888258]
  We present SyzTrust, the first state-aware fuzzing framework for vetting the security of resource-limited Trusted OSes. SyzTrust adopts a hardware-assisted framework to enable fuzzing Trusted OSes directly on IoT devices. We evaluate SyzTrust on Trusted OSes from three major vendors: Samsung, Tsinglink Cloud, and Ali Cloud.
  arXiv  Detail & Related papers  (2023-09-26T08:11:38Z)
• Evil from Within: Machine Learning Backdoors through Hardware Trojans [72.99519529521919]
  Backdoors pose a serious threat to machine learning, as they can compromise the integrity of security-critical systems, such as self-driving cars. We introduce a backdoor attack that completely resides within a common hardware accelerator for machine learning. We demonstrate the practical feasibility of our attack by implanting our hardware trojan into the Xilinx Vitis AI DPU.
  arXiv  Detail & Related papers  (2023-04-17T16:24:48Z)
• Few-Shot Backdoor Attacks on Visual Object Tracking [80.13936562708426]
  Visual object tracking (VOT) has been widely adopted in mission-critical applications, such as autonomous driving and intelligent surveillance systems. We show that an adversary can easily implant hidden backdoors into VOT models by tempering with the training process. We show that our attack is resistant to potential defenses, highlighting the vulnerability of VOT models to potential backdoor attacks.
  arXiv  Detail & Related papers  (2022-01-31T12:38:58Z)
• Safe RAN control: A Symbolic Reinforcement Learning Approach [62.997667081978825]
  We present a Symbolic Reinforcement Learning (SRL) based architecture for safety control of Radio Access Network (RAN) applications. We provide a purely automated procedure in which a user can specify high-level logical safety specifications for a given cellular network topology. We introduce a user interface (UI) developed to help a user set intent specifications to the system, and inspect the difference in agent proposed actions.
  arXiv  Detail & Related papers  (2021-06-03T16:45:40Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.