A Segmented Stack Randomization for bare-metal IoT devices

Computers & Security (IF 4.8; Zone 2, Computer Science; JCR Q1, Computer Science, Information Systems). Pub Date: 2025-01-24. DOI: 10.1016/j.cose.2025.104342
Junho Jung, BeomSeok Kim, Heeseung Son, Daehee Jang, Ben Lee, Jinsung Cho
Computers & Security, volume 151, Article 104342. Source: https://www.sciencedirect.com/science/article/pii/S0167404825000318
Citations: 0

Abstract

Bare-metal IoT devices, lacking memory management features such as virtual memory and Memory Management Units (MMUs), are increasingly vulnerable to memory corruption attacks like buffer overflow and Return-Oriented Programming (ROP). To address these challenges, this paper proposes the Segmented Stack Randomization (SSR) scheme, a novel approach that enhances security by randomly allocating stack space across multiple segments during function calls. Designed to operate without additional hardware, the proposed SSR is highly suitable for resource-constrained IoT environments, particularly those requiring predictable execution times for real-time applications. The proposed SSR involves Low Level Virtual Machine (LLVM)-based code instrumentation, enabling seamless integration into finalized firmware without introducing debugging complexities. A proof-of-concept implementation on an ARM Cortex-M4 platform demonstrated that SSR provides robust protection against stack-based attacks with minimal performance overhead, averaging 1.591 μsec per function call. Additionally, the proposed SSR offers tunable trade-offs between memory usage and randomization entropy, ensuring adaptability to various application requirements. These results highlight the proposed SSR as a practical and efficient security solution for safeguarding bare-metal IoT devices against evolving threats.

Source journal: Computers & Security (Engineering & Technology - Computer Science: Information Systems)
CiteScore: 12.40; self-citation rate: 7.10%; articles published: 365; review time: 10.7 months

About the journal: Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.