Survey of Control-flow Integrity Techniques for Real-time Embedded Systems

Mishra, Tanmaya; Chantem, Thidapat; Gerdes, Ryan

doi:10.1145/3538275

Cited by 8 publications

(2 citation statements)

References 59 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Here, 0 signifies no protection, 3 is the highest level of protection, and 1 is the least. For this example, let us suppose that the security level (SL)-1 corresponds to TEECheck [18], and SL-2 corresponds to control-flow integrity (CFI) mechanisms [19]. Lastly, the highest level of security SL-3 can be the 256-bit encryption method.…”

Section: Proposed Real-time Task Modelmentioning

confidence: 99%

An Integrated Real-Time and Security Scheduling Framework for CPS

Kansal,

Chantem,

Fisher

et al. 2023

2023 IEEE 29th International Conference on Embedded and Real-Time Computing Systems and Applications (RTCSA)

Self Cite

View full text Add to dashboard Cite

In the world of real-time systems (RTS), security has often been overlooked in the design process. However, with the emergence of the Internet of Things and Cyber-Physical Systems, RTS are now frequently used in interconnected applications where data is shared regularly.Unfortunately, this increased connectivity has also led to a larger attack surface. As a result, it is crucial to redesign RTS to not only meet real-time requirements but also to be resilient to threats. To address this issue, we propose a new real-time security co-design task model, and an accompanying scheduling framework, where schedulability can be used to indicate whether both real-time and security requirements are met. Our algorithm is designed to be flexible, allowing different security mechanisms to be used along with real-time tasks. Specifically, we augment the frame-based task model by introducing an n-dimensional security matrix, which serves as a powerful tool to enable our approach. This matrix clearly indicates which defense mechanisms are available for each task in the system by storing the worst-case execution times of tasks. Then, we transform the problem of maximizing security, subject to schedulability, into a variant of the knapsack problem. To make this approach more practical, we implement a fully polynomial time approximation scheme (FPTAS) that reduces the time complexity of solving the knapsack problem from a pseudo-polynomial to a fully polynomial. We also experiment with a greedy-heuristic approach and compare the results of both algorithms.

show abstract

Section: Proposed Real-time Task Modelmentioning

confidence: 99%

An Integrated Real-Time and Security Scheduling Framework for CPS

Kansal,

Chantem,

Fisher

et al. 2023

2023 IEEE 29th International Conference on Embedded and Real-Time Computing Systems and Applications (RTCSA)

Self Cite

View full text Add to dashboard Cite

show abstract

“…Control Flow Integrity (CFI) [3] mechanisms play a crucial role in modern software security by safeguarding against control-flow hijacking attacks. These mechanisms rely on precise control flow data analysis to ensure the integrity of a program's execution path [4]. The extraction and analysis of control flow metadata facilitate the detection of anomalies, identification of control flow hijacking attempts, and development of effective countermeasures.…”

Section: Introductionmentioning

confidence: 99%

CFIEE: An Open-Source Critical Metadata Extraction Tool for RISC-V Hardware-Based CFI Schemes

Li,

Wang,

2024

Electronics

View full text Add to dashboard Cite

Control flow critical metadata play a key role in hardware-based control flow integrity (CFI) mechanisms that effectively monitor and secure program control flow based on pre-extracted metadata. The existing control flow analysis tools exhibit some deficiencies, including inadequate compatibility with the RISC-V architecture, a steep learning curve, limited automation capabilities, and restricted data output formats. CFIEE is an open-source tool with a graphical interface for the automated extraction of control flow critical metadata. The tool possesses the capability to analyze RISC-V binary executables, transforming the binary into an intermediate representation (IR) in the form of the disassembled code, and extracting the critical metadata required for studying hardware-based CFI mechanism through a designed control flow transfer relationship analysis algorithm. The extracted metadata include program basic blocks and their corresponding hash values, control flow graphs, function call relationships, distribution of forward transfer instructions, etc. We selected 15 embedded system programs with processor adaptation for functional verification. The results demonstrate the CFIEE’s capability to automatically analyze programs within the supported RISC-V instruction set and generate comprehensive and precise metadata files. This tool can significantly enhance the efficiency of control flow metadata extraction and furnish configurable metadata for the hardware-based security mechanisms.

show abstract