Michele Grisafi, M. Ammar, Marco Roveri, Bruno Crispo
{"title":"FLAShadow:用于低端嵌入式系统的基于闪存的影子堆栈","authors":"Michele Grisafi, M. Ammar, Marco Roveri, Bruno Crispo","doi":"10.1145/3670413","DOIUrl":null,"url":null,"abstract":"Run-time attacks are a rising threat to both low- and high-end systems, with the spread of techniques like Return Oriented Programming (ROP) that aim at hijacking the control flow of vulnerable applications. Although several control flow integrity schemes have been proposed by both academia and the industry, the vast majority of them are not compatible with low-end embedded devices, especially the ones that lack hardware security features.\n \n In this paper, we propose\n FLAShadow\n , a secure shadow stack design and implementation for low-end embedded systems, relying on zero hardware security features. The key idea is to leverage a software-based memory isolation mechanism to establish an integrity-protected memory area on the Flash of the target device, where\n FLAShadow\n can be securely maintained.\n FLAShadow\n exclusively reserves a register for maintaining the integrity of the stack pointer and also depends on a minimal trusted run-time component to avoid trusting the compiler toolchain. We evaluate an open-source implementation of\n FLAShadow\n for the MSP430 architecture, showing an average performance and memory overhead of 168.58% and 25.91% respectively. While the average performance overhead is considered high, we show that it is application-dependent and incurs less than 5% for some applications.\n","PeriodicalId":29764,"journal":{"name":"ACM Transactions on Internet of Things","volume":null,"pages":null},"PeriodicalIF":3.5000,"publicationDate":"2024-07-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"FLAShadow: A Flash-based Shadow Stack for Low-end Embedded Systems\",\"authors\":\"Michele Grisafi, M. Ammar, Marco Roveri, Bruno Crispo\",\"doi\":\"10.1145/3670413\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Run-time attacks are a rising threat to both low- and high-end systems, with the spread of techniques like Return Oriented Programming (ROP) that aim at hijacking the control flow of vulnerable applications. Although several control flow integrity schemes have been proposed by both academia and the industry, the vast majority of them are not compatible with low-end embedded devices, especially the ones that lack hardware security features.\\n \\n In this paper, we propose\\n FLAShadow\\n , a secure shadow stack design and implementation for low-end embedded systems, relying on zero hardware security features. The key idea is to leverage a software-based memory isolation mechanism to establish an integrity-protected memory area on the Flash of the target device, where\\n FLAShadow\\n can be securely maintained.\\n FLAShadow\\n exclusively reserves a register for maintaining the integrity of the stack pointer and also depends on a minimal trusted run-time component to avoid trusting the compiler toolchain. We evaluate an open-source implementation of\\n FLAShadow\\n for the MSP430 architecture, showing an average performance and memory overhead of 168.58% and 25.91% respectively. While the average performance overhead is considered high, we show that it is application-dependent and incurs less than 5% for some applications.\\n\",\"PeriodicalId\":29764,\"journal\":{\"name\":\"ACM Transactions on Internet of Things\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":3.5000,\"publicationDate\":\"2024-07-10\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"ACM Transactions on Internet of Things\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3670413\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Internet of Things","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3670413","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
FLAShadow: A Flash-based Shadow Stack for Low-end Embedded Systems
Run-time attacks are a rising threat to both low- and high-end systems, with the spread of techniques like Return Oriented Programming (ROP) that aim at hijacking the control flow of vulnerable applications. Although several control flow integrity schemes have been proposed by both academia and the industry, the vast majority of them are not compatible with low-end embedded devices, especially the ones that lack hardware security features.
In this paper, we propose
FLAShadow
, a secure shadow stack design and implementation for low-end embedded systems, relying on zero hardware security features. The key idea is to leverage a software-based memory isolation mechanism to establish an integrity-protected memory area on the Flash of the target device, where
FLAShadow
can be securely maintained.
FLAShadow
exclusively reserves a register for maintaining the integrity of the stack pointer and also depends on a minimal trusted run-time component to avoid trusting the compiler toolchain. We evaluate an open-source implementation of
FLAShadow
for the MSP430 architecture, showing an average performance and memory overhead of 168.58% and 25.91% respectively. While the average performance overhead is considered high, we show that it is application-dependent and incurs less than 5% for some applications.