CERIAS Weekly Security Seminar - Purdue University

Abe Clements, "Protecting Bare-metal Embedded Systems from Memory Corruption Attacks"



Embedded systems are used in every aspect of modern life. The Internet of Things is comprised of millions of these interconnected systems, many of which are low-cost bare-metal systems, executing without an operating system. These systems rarely employ security protections. Their development assumptions of unrestricted access to all memory and instructions, and constraints on runtime, energy, and memory, make applying protections particularly challenging. I will present two recent techniques, EPOXY (IEEE S&P 2017) and ACES (USENIX Security 2018), that harden bare-metal systems against memory corruption attacks.

EPOXY is an LLVM-based embedded compiler that uses a novel technique, called privilege overlaying, wherein operations requiring privileged execution are identified and only these operations execute in privileged mode. This provides the foundation on which code-integrity, adapted control-flow hijacking defenses, and protections for sensitive IO are applied. EPOXY also employs fine-grained randomization schemes that work within the constraints of bare-metal systems to provide further protection against control-flow and data corruption attacks. These defenses prevent code injection attacks and ROP attacks from scaling across large sets of devices. EPOXY's evaluation on case study applications shows that EPOXY has, on average, a 1.8% increase in execution time and a 0.5% increase in energy usage.

ACES is another LLVM-based compiler that automatically infers and enforces inter-component isolation on bare-metal systems, thus applying the principle of least privilege. ACES takes a developer-specified compartmentalization policy and then automatically creates an instrumented binary that isolates compartments at runtime, while handling the hardware limitations of bare-metal embedded devices. ACES' evaluation shows that ACES' compartments can have low runtime overheads (13% on our largest test application), while using 59% less Flash and 84% less RAM than the Mbed uVisor, the current state-of-the-art compartmentalization technique for bare-metal systems. ACES' compartments protect the integrity of privileged data and provide control-flow integrity between compartments.

By CERIAS <[email protected]>
