Embedded systems are used in every aspect of modern life. The
Internet of Things comprises millions of these interconnected
systems, many of which are low-cost bare-metal systems that execute
without an operating system. These systems rarely employ security
protections. Their development assumptions of unrestricted access
to all memory and instructions, together with constraints on runtime,
energy, and memory, make applying protections particularly challenging.
I will present two recent techniques, EPOXY (IEEE S&P 2017)
and ACES (USENIX Security 2018), that harden bare-metal systems
against memory corruption attacks.



EPOXY is an LLVM-based embedded compiler that uses a novel
technique, called privilege overlaying, wherein operations
requiring privileged execution are identified and only these
operations execute in privileged mode. This provides the foundation
on which code integrity, adapted control-flow hijacking defenses,
and protections for sensitive IO are applied. EPOXY also employs
fine-grained randomization schemes that work within the
constraints of bare-metal systems to provide further protection
against control-flow and data corruption attacks.
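To make the privilege-overlaying idea concrete, here is an added host-side model (not EPOXY's own code) of the property it establishes: the bulk of the firmware runs unprivileged under MPU-style region permissions, so a memory-corruption bug in that code cannot reach the code region or a sensitive IO register, while the few operations identified as needing privilege elevate, perform their single store, and drop privilege again. The region layout, addresses and the `SENSITIVE_IO` register are hypothetical.

```c
/* Host-side model of privilege overlaying (added example, not EPOXY's code).
 * Regions carry an "unprivileged may write" bit as an MPU would; only an
 * identified privileged operation runs with the bit bypassed, and only for
 * the length of that operation. Addresses and regions are hypothetical. */
#include <stdbool.h>
#include <stdint.h>

enum { REGION_CODE, REGION_DATA, REGION_SENSITIVE_IO, REGION_COUNT };

/* One MPU-like region: base, size, and whether unprivileged writes are allowed. */
struct region { uint32_t base, size; bool unpriv_write; };

static const struct region regions[REGION_COUNT] = {
    [REGION_CODE]         = { 0x08000000u, 0x10000u, false }, /* code integrity: never writable */
    [REGION_DATA]         = { 0x20000000u, 0x08000u, true  }, /* ordinary RAM: writable */
    [REGION_SENSITIVE_IO] = { 0x40020000u, 0x00400u, false }, /* e.g. MPU/clock control: privileged only */
};

static bool privileged = false;     /* current execution mode of the model */
static unsigned denied_writes = 0;  /* stores an MPU would have faulted on */

/* Models the MPU check on a store; true if the store is permitted. */
bool mpu_write_allowed(uint32_t addr) {
    for (int i = 0; i < REGION_COUNT; i++) {
        const struct region *r = &regions[i];
        if (addr >= r->base && addr < r->base + r->size)
            return privileged || r->unpriv_write; /* privileged mode bypasses the bit */
    }
    return false;                                 /* unmapped address: always a fault */
}

/* A store as the bulk of the firmware performs it: in unprivileged mode.
 * This is the path a memory-corruption primitive would be confined to. */
bool firmware_store(uint32_t addr) {
    if (!mpu_write_allowed(addr)) { denied_writes++; return false; }
    return true;
}

/* A privileged-overlay operation: elevate, perform the one identified store,
 * drop privilege before returning. In the real system the elevation is a
 * supervisor call and the drop happens before control leaves the overlay. */
bool overlay_store(uint32_t addr) {
    privileged = true;
    bool ok = mpu_write_allowed(addr);
    privileged = false;
    return ok;
}

unsigned faults_seen(void) { return denied_writes; }
```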

These defenses prevent code injection attacks and ROP attacks from
scaling across large sets of devices. Evaluation of EPOXY on
case-study applications shows, on average, a 1.8% increase in
execution time and a 0.5% increase in energy usage.



ACES is another LLVM-based compiler that automatically infers and
enforces inter-component isolation on bare-metal systems, thus
applying the principle of least privilege. ACES takes a
developer-specified compartmentalization policy and then
automatically creates an instrumented binary that isolates
compartments at runtime, while handling the hardware limitations of
bare-metal embedded devices. Our evaluation shows that ACES'
compartments can have low runtime overheads (13% on our largest
test application), while using 59% less Flash and 84% less RAM
than Mbed uVisor, the current state-of-the-art compartmentalization
technique for bare-metal systems. ACES' compartments protect the
integrity of privileged data and provide control-flow integrity
between compartments.