Abstract
Address space layout randomization (ASLR) has been widely deployed on modern operating systems against code reuse attacks (CRAs) such as return-oriented programming (ROP) and return-to-libc. However, porting ASLR to resource-constrained IoT devices is a great challenge due to their limited memory space. We propose a function-based ASLR scheme (fASLR) for IoT runtime security that utilizes the ARM TrustZone-M technique and the memory protection unit (MPU). When a function is called, fASLR loads it from the flash and randomizes its entry address within a randomization region in RAM. We design novel mechanisms for cleaning up finished functions from the RAM and for memory addressing, to deal with the complexity of function relocation and randomization. Compared with related work, a prominent advantage of fASLR is that it can run an application even if the application code cannot be completely loaded into RAM for execution. We test fASLR with 21 applications. fASLR achieves high randomization entropy and incurs runtime overhead of less than 10%.
X. Shao and L. Luo contributed equally to this work.
Acknowledgment
This research was supported in part by National Key R&D Program of China 2018YFB2100300, National Natural Science Foundation of China Grant Nos. 62022024, 61972088, 62072103, 62102084, 62072102, 62072098, and 61972083, by US National Science Foundation (NSF) Awards 1931871, 1915780, and US Department of Energy (DOE) Award DE-EE0009152, by Jiangsu Provincial Natural Science Foundation for Excellent Young Scholars Grant No. BK20190060, Jiangsu Provincial Natural Science Foundation of China Grant No. BK20190340, Jiangsu Provincial Key Laboratory of Network and Information Security Grant No. BM2003201, Key Laboratory of Computer Network and Information Integration of Ministry of Education of China Grant Nos. 93K-9, and Collaborative Innovation Center of Novel Software Technology and Industrialization. Any opinions, findings, conclusions, and recommendations in this paper are those of the authors and do not necessarily reflect the views of the funding agencies.
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Shao, X., Luo, L., Ling, Z., Yan, H., Wei, Y., Fu, X. (2022). fASLR: Function-Based ASLR for Resource-Constrained IoT Systems. In: Atluri, V., Di Pietro, R., Jensen, C.D., Meng, W. (eds) Computer Security – ESORICS 2022. ESORICS 2022. Lecture Notes in Computer Science, vol 13555. Springer, Cham. https://doi.org/10.1007/978-3-031-17146-8_26
DOI: https://doi.org/10.1007/978-3-031-17146-8_26
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-17145-1
Online ISBN: 978-3-031-17146-8
eBook Packages: Computer Science, Computer Science (R0)