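% Conference paper on RECFISH, a control-flow integrity (CFI) system for
% ARM Cortex-R devices running minimal real-time operating systems.
% Names are stored as "Last, First" so that a multi-word surname is not split.
% NOTE(review): "Le Baron" is assumed to be a two-word surname; confirm.
% NOTE(review): the page range is kept as given in the source record.
% The DOI suffix suggests article-number pagination, so confirm the range
% against the DOI landing page.
@inproceedings{1126,
  author    = {Walls, Robert and Brown, Nicholas and Le Baron, Thomas and Shue, Craig and Okhravi, Hamed and Ward, Bryan},
  editor    = {Quinton, Sophie},
  title     = {Control-Flow Integrity for Real-Time Embedded Systems},
  booktitle = {31st {Euromicro} Conference on Real-Time Systems},
  volume    = {133},
  pages     = {1--2},
  year      = {2019},
  month     = jul,
  publisher = {Schloss Dagstuhl --- Leibniz-Zentrum f{\"u}r Informatik},
  address   = {Dagstuhl, Germany},
  issn      = {1868-8969},
  isbn      = {978-3-95977-110-8},
  doi       = {10.4230/LIPIcs.ECRTS.2019.2},
  url       = {https://drops.dagstuhl.de/entities/document/10.4230/LIPIcs.ECRTS.2019.2},
  abstract  = {
Attacks on real-time embedded systems can endanger lives and critical infrastructure. Despite this, techniques for securing embedded systems software have not been widely studied. Many existing security techniques for general-purpose computers rely on assumptions that do not hold in the embedded case. This paper focuses on one such technique, control-flow integrity (CFI), that has been vetted as an effective countermeasure against control-flow hijacking attacks on general-purpose computing systems. Without the process isolation and fine-grained memory protections provided by a general-purpose computer with a rich operating system, CFI cannot provide any security guarantees. This work proposes RECFISH, a system for providing CFI guarantees on ARM Cortex-R devices running minimal real-time operating systems. We provide techniques for protecting runtime structures, isolating processes, and instrumenting compiled ARM binaries with CFI protection. We empirically evaluate RECFISH and its performance implications for real-time systems. Our results suggest RECFISH can be directly applied to binaries without compromising real-time performance; in a test of over six million realistic task systems running FreeRTOS, 85\% were still schedulable after adding RECFISH.
},
}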