When Memory Mappings Attack: On the (Mis)use of the ARM Cortex-M FPB Unit

• URL: http://arxiv.org/abs/2312.13189v1
• Date: Wed, 20 Dec 2023 17:00:43 GMT
• Title: When Memory Mappings Attack: On the (Mis)use of the ARM Cortex-M FPB Unit
• Authors: Haoqi Shan, Dean Sullivan, Orlando Arias,
• Abstract summary: In recent years we have seen an explosion in the usage of low-cost, low-power microcontrollers in embedded devices. This has been detrimental for security as microcontroller-based systems are now a viable attack target.
• Score: 2.828466685313335
• License: http://creativecommons.org/licenses/by-sa/4.0/
• Abstract: In recent years we have seen an explosion in the usage of low-cost, low-power microcontrollers (MCUs) in embedded devices around us due to the popularity of Internet of Things (IoT) devices. Although this is good from an economics perspective, it has also been detrimental for security as microcontroller-based systems are now a viable attack target. In response, researchers have developed various protection mechanisms dedicated to improve security in these resource-constrained embedded systems. We demonstrate in this paper these defenses fall short when we leverage benign memory mapped design-for-debug (DfD) structures added by MCU vendors in their products. In particular, we utilize the Flash Patch and Breakpoint (FPB) unit present in the ARM Cortex-M family to build new attack primitives which can be used to bypass common defenses for embedded devices. Our work serves as a warning and a call in balancing security and debug structures in modern microcontrollers.

Related papers

• "We just did not have that on the embedded system": Insights and Challenges for Securing Microcontroller Systems from the Embedded CTF Competitions [0.9854095688911367]
  Microcontroller systems are integral to our daily lives, powering mission-critical applications such as vehicles, medical devices, and industrial control systems. Previous research has focused solely on microcontroller firmware analysis to identify and characterize vulnerabilities. This study uniquely leverages data from the 2023 and 2024 MITRE eCTF team submissions and post-competition interviews.
  arXiv  Detail & Related papers  (2025-03-11T05:16:50Z)
• Extending Lifetime of Embedded Systems by WebAssembly-based Functional Extensions Including Drivers [46.538276603099916]
  We present Wasm-IO, a framework designed to facilitate peripheral I/O operations within WebAssembly (Wasm) containers. We detail synchronous I/O and methods for embedding platform-independent peripheral configurations within Wasm binaries.
  arXiv  Detail & Related papers  (2025-03-10T17:22:00Z)
• Adversarial Prompt Evaluation: Systematic Benchmarking of Guardrails Against Prompt Input Attacks on LLMs [44.023741610675266]
  Large language models (LLMs) can be manipulated into unsafe behaviour by prompts known as jailbreaks. Not all defences are able to handle new out-of-distribution attacks due to the narrow segment of jailbreaks used to align them. We show that based on current datasets available for evaluation, simple baselines can display competitive out-of-distribution performance.
  arXiv  Detail & Related papers  (2025-02-21T12:54:25Z)
• Exploring the Adversarial Vulnerabilities of Vision-Language-Action Models in Robotics [70.93622520400385]
  This paper systematically quantifies the robustness of VLA-based robotic systems. We introduce an untargeted position-aware attack objective that leverages spatial foundations to destabilize robotic actions. We also design an adversarial patch generation approach that places a small, colorful patch within the camera's view, effectively executing the attack in both digital and physical environments.
  arXiv  Detail & Related papers  (2024-11-18T01:52:20Z)
• Jailbreak Attacks and Defenses against Multimodal Generative Models: A Survey [50.031628043029244]
  Multimodal generative models are susceptible to jailbreak attacks, which can bypass built-in safety mechanisms and induce the production of potentially harmful content. This survey reviews jailbreak and defense in multimodal generative models.
  arXiv  Detail & Related papers  (2024-11-14T07:51:51Z)
• CALoR: Towards Comprehensive Model Inversion Defense [43.2642796582236]
  Model Inversion Attacks (MIAs) aim at recovering privacy-sensitive training data from the knowledge encoded in released machine learning models. Recent advances in the MIA field have significantly enhanced the attack performance under multiple scenarios. We propose a robust defense mechanism, integrating Confidence Adaptation and Low-Rank compression.
  arXiv  Detail & Related papers  (2024-10-08T08:44:01Z)
• Training on the Fly: On-device Self-supervised Learning aboard Nano-drones within 20 mW [52.280742520586756]
  Miniaturized cyber-physical systems (CPSes) powered by tiny machine learning (TinyML), such as nano-drones, are becoming an increasingly attractive technology. Simple electronics make these CPSes inexpensive, but strongly limit the computational, memory, and sensing resources available on board. We present a novel on-device fine-tuning approach that relies only on the limited ultra-low power resources available aboard nano-drones.
  arXiv  Detail & Related papers  (2024-08-06T13:11:36Z)
• Mitigating and Analysis of Memory Usage Attack in IoE System [1.515687944002438]
  Internet of Everything (IoE) is a newly emerging trend, especially in homes. Memory corruption vulnerabilities constitute a significant class of vulnerabilities in software security. This paper aims to analyze and explain the resource usage attack and create a low-cost simulation environment.
  arXiv  Detail & Related papers  (2024-04-30T11:48:13Z)
• SoK: Where's the "up"?! A Comprehensive (bottom-up) Study on the Security of Arm Cortex-M Systems [36.154629422941774]
  Arm Cortex-M processors are the most widely used 32-bit microcontrollers among embedded and Internet-of-Things devices. We analyze the hardware security limitations and issues of Cortex-M systems. We categorize the reported bugs in Cortex-M software systems.
  arXiv  Detail & Related papers  (2024-01-27T04:09:29Z)
• UCCA: A Verified Architecture for Compartmentalization of Untrusted Code Sections in Resource-Constrained Devices [5.445001663133085]
  This paper proposes, demonstrating security, and formally verifying the implementation of UCCA: an Untrusted Code Compartment Architecture. UCCA provides flexible hardware-enforced isolation of untrusted code sections in resource-constrained and time-critical MCUs. Our evaluation shows that UCCA incurs little overhead and is affordable even to lowest-end MCUs, requiring significantly less overhead and assumptions than prior related work.
  arXiv  Detail & Related papers  (2023-12-04T21:25:09Z)
• MCUFormer: Deploying Vision Transformers on Microcontrollers with Limited Memory [76.02294791513552]
  We propose a hardware-algorithm co-optimizations method called MCUFormer to deploy vision transformers on microcontrollers with extremely limited memory. Experimental results demonstrate that our MCUFormer achieves 73.62% top-1 accuracy on ImageNet for image classification with 320KB memory.
  arXiv  Detail & Related papers  (2023-10-25T18:00:26Z)
• Evil from Within: Machine Learning Backdoors through Hardware Trojans [72.99519529521919]
  Backdoors pose a serious threat to machine learning, as they can compromise the integrity of security-critical systems, such as self-driving cars. We introduce a backdoor attack that completely resides within a common hardware accelerator for machine learning. We demonstrate the practical feasibility of our attack by implanting our hardware trojan into the Xilinx Vitis AI DPU.
  arXiv  Detail & Related papers  (2023-04-17T16:24:48Z)
• CryptSan: Leveraging ARM Pointer Authentication for Memory Safety in C/C++ [0.9208007322096532]
  CryptSan is a memory safety approach based on ARM Pointer Authentication. We present a full LLVM-based prototype implementation, running on an M1 MacBook Pro. This, together with its interoperability with uninstrumented libraries and cryptographic protection against attacks on metadata, makes CryptSan a viable solution for retrofitting memory safety to C/C++ programs.
  arXiv  Detail & Related papers  (2022-02-17T14:04:01Z)
• Towards Obfuscated Malware Detection for Low Powered IoT Devices [0.11417805445492081]
  IoT and edge devices have become a new threat vector for malware authors. Due to their limited computational power and storage space, it is infeasible to deploy state-of-the-art malware detectors onto these systems. We propose using and extracting features from Markov matrices constructed from opcode traces as a low cost feature for unobfuscated and obfuscated malware detection.
  arXiv  Detail & Related papers  (2020-11-06T17:10:26Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.