uSFI: Ultra-lightweight software fault isolation for IoT-class devices

Aweke, Zelalem Birhanu; Austin, Todd

doi:10.23919/date.2018.8342161

Cited by 7 publications

(2 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The authors note a higher performance overhead, with the geometric mean results being 2.2% and 10.2% respectively for the two benchmarks, which leads the authors to conclude that the store hardening approach is superior in performance. However, it would be interesting to note how the performance would vary if the shadow stack was protected using an approach similar to Aweke and Austin's [9] lightweight SFI for IoT systems that shows an overhead of just 1% on the MiBench [42] benchmarks. Their approach utilizes a small amount (150 lines) of trusted code that sets up the MPU to create the fault domains, trapping accesses outside the domain as memory access faults.…”

Section: Implementation Of Basic Techniquesmentioning

confidence: 99%

Survey of Control-Flow Integrity Techniques for Embedded and Real-Time Embedded Systems

Mishra,

Chantem,

Gerdes

2021

Preprint

View full text Add to dashboard Cite

Computing systems, including real-time embedded systems, are becoming increasingly connected to allow for more advanced and safer operation. Such embedded systems are resource-constrained, such as lower processing capabilities, as compared to general purpose computing systems like desktops or servers. However, allowing external interfaces to such embedded systems increases their exposure to attackers. With an increase in attacks against embedded systems ranging from home appliances to industrial control systems operating critical equipment that have hard real-time requirements, it is imperative that defense mechanisms be created that explicitly consider such resource and real-time constraints constraints. Control-flow integrity (CFI) is a family of defense mechanisms that prevent attackers from modifying the flow of execution. We survey CFI techniques, ranging from the basic to state-of-the-art, that are built for embedded systems and real-time embedded systems and find that there is a dearth, especially for real-time embedded systems, of CFI mechanisms. We then present open challenges to the community to help drive research in this domain.

show abstract

Section: Implementation Of Basic Techniquesmentioning

confidence: 99%

Survey of Control-Flow Integrity Techniques for Embedded and Real-Time Embedded Systems

Mishra,

Chantem,

Gerdes

2021

Preprint

View full text Add to dashboard Cite

show abstract

“…Several dynamic attestation approaches based on creating isolated execution environments have been proposed [78][79][80][81][82], while allowing dynamic code loading [78,82]. Security architectures for process sandboxing and memory isolation [83][84][85] or privilege separation [86,87] have also been proposed for resource-constrained devices, mitigating the effect of software bugs and of the exploitation of vulnerabilities. This line of work, however, does not consider availability (or recoverability), mostly due to its potential complexity.…”

Section: Related Workmentioning

confidence: 99%

Dominance as a New Trusted Computing Primitive for the Internet of Things

Huber

Sun

et al. 2019

2019 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

The Internet of Things (IoT) is rapidly emerging as one of the dominant computing paradigms of this decade. Applications range from in-home entertainment to large-scale industrial deployments such as controlling assembly lines and monitoring traffic. While IoT devices are in many respects similar to traditional computers, user expectations and deployment scenarios as well as cost and hardware constraints are sufficiently different to create new security challenges as well as new opportunities. This is especially true for large-scale IoT deployments in which a central entity deploys and controls a large number of IoT devices with minimal human interaction.Like traditional computers, IoT devices are subject to attack and compromise. Large IoT deployments consisting of many nearly identical devices are especially attractive targets. At the same time, recovery from root compromise by conventional means becomes costly and slow, even more so if the devices are dispersed over a large geographical area. In the worst case, technicians have to travel to all devices and manually recover them. Data center solutions such as the Intelligent Platform Management Interface (IPMI) which rely on separate service processors and network connections are not only not supported by existing IoT hardware, but are unlikely to be in the foreseeable future due to the cost constraints of mainstream IoT devices.This paper presents CIDER, a system that can recover IoT devices within a short amount of time, even if attackers have taken root control of every device in a large deployment. The recovery requires minimal manual intervention. After the administrator has identified the compromise and produced an updated firmware image, he/she can instruct CIDER to force the devices to reset and to install the patched firmware on the devices. We demonstrate the universality and practicality of CIDER by implementing it on three popular IoT platforms (HummingBoard Edge, Raspberry Pi Compute Module 3 and Nucleo-L476RG) spanning the range from high to low end. Our evaluation shows that the performance overhead of CIDER is generally negligible.

show abstract

Evaluation of Kernel-Level IoT Security and QoS Aware Models from an Empirical Perspective

Dhak¹,

Ramteke²

2022

Lecture Notes in Electrical Engineering

View full text Add to dashboard Cite

uSFI: Ultra-lightweight software fault isolation for IoT-class devices

Cited by 7 publications

References 8 publications

Survey of Control-Flow Integrity Techniques for Embedded and Real-Time Embedded Systems

Survey of Control-Flow Integrity Techniques for Embedded and Real-Time Embedded Systems

Dominance as a New Trusted Computing Primitive for the Internet of Things

Evaluation of Kernel-Level IoT Security and QoS Aware Models from an Empirical Perspective

Contact Info

Product

Resources

About