Abstract
Embedded devices typically offer weak hardware and software security and yet they are often used to achieve critical tasks. Several attacks (such as buffer overflow) can bypass the default program’s behaviour and lead to arbitrary code execution. To tackle this problem, CFI (Control Flow Integrity) can be used at the cost of a significant overhead, which may not fit the embedded world’s constraints. In this paper we discuss EE-CFI, an Externalized and Embedded CFI solution. EE-CFI is based on the instrumentation of source-code to produce a trace of its execution path. This trace is validated by an external monitor, responsible for verifying that the code path is legitimate with regard to the CFG (Control Flow Graph) extracted at compilation time. This solution uses LLVM and is designed to be compatible with embedded constraints and adaptable to the heterogeneity of embedded devices.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Abadi, M., Budiu, M., Erlingsson, Ú., Ligatti, J.: Control-flow integrity. In: Proceedings of the 12th ACM Conference on Computer and Communications Security, CCS 2005, pp. 340–353. ACM, New York (2005). doi:10.1145/1102120.1102165
Mashtizadeh, A.J., Bittau, A., Boneh, D., Mazières, D.: CCFI: cryptographically enforced control flow integrity. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015, pp. 941–951. ACM, New York (2015). doi:10.1145/2810103.2813676
Mohan, V., Larsen, P., Brunthaler, S., Hamlen, K.W., Franz, M.: Opaque control-flow integrity. In: Internet Society (2015). doi:10.14722/ndss.2015.23271
Coudray, T., Fontaine, A., Chifflier, P.: PICON: Control Flow Integrity on LLVM IR
Carlini, N., Barresi, A., Payer, M., Wagner, D., Gross, T.R.: Control-flow bending: on the effectiveness of control-flow integrity, pp. 161–76 (2015). https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/carlini
Evans, I., Long, F., Otgonbaatar, U., Shrobe, H., Rinard, M., Okhravi, H., Sidiroglou-Douskos, S.: Control Jujutsu: on the weaknesses of fine-grained control flow integrity. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015, pp. 901–913. ACM, New York (2015). doi:10.1145/2810103.2813646
Conti, M., Crane, S., Davi, L., Franz, M., Larsen, P., Negro, M., Liebchen, C., Qunaibit, M., Sadeghi, A.-R.: Losing control: on the effectiveness of control-flow integrity under stack attacks. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015, pp. 952–963. ACM, New York (2015). doi:10.1145/2810103.2813671
Otgonbaatar, U.: Evaluating Modern Defenses Against Control Flow Hijacking. MIT Lincoln Laboratory (2015). http://people.csail.mit.edu/hes/ROP/Publications/ulzi-thesis.pdf
Lattner, C., Adve, V.: LLVM: a compilation framework for lifelong program analysis transformation. In: International Symposium on Code Generation and Optimization, CGO 2004, pp. 75–86 (2004). doi:10.1109/CGO.2004.1281665
RTOS - Free Professionally Developed and Robust Real Time Operating System for Small Embedded Systems Development. http://www.freertos.org/RTOS.html. Accessed 29 Aug 2016
STM32F4 Series - STMicroelectronics. http://www.st.com/content/st_com/en/products/microcontrollers/stm32-32-bit-arm-cortex-mcus/stm32f4-series.html?querycriteria=productId=SS1577. Accessed 29 Aug 2016
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG
About this paper
Cite this paper
Lefils, V., Grimaud, G., Iguchi-Cartigny, J. (2018). EE-CFI: Externalized Control Flow Integrity for Embedded Devices. In: Barolli, L., Enokido, T. (eds) Innovative Mobile and Internet Services in Ubiquitous Computing . IMIS 2017. Advances in Intelligent Systems and Computing, vol 612. Springer, Cham. https://doi.org/10.1007/978-3-319-61542-4_30
Download citation
DOI: https://doi.org/10.1007/978-3-319-61542-4_30
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-61541-7
Online ISBN: 978-3-319-61542-4
eBook Packages: EngineeringEngineering (R0)