Affiliation:
1. Virginia Polytechnic Institute and State University, USA
Abstract
Computing systems, including real-time embedded systems, are becoming increasingly connected to allow for more advanced and safer operation. Such embedded systems are also often resource-constrained, for example, with lower processing capabilities compared to general-purpose computing systems like desktops or servers. With the advent of paradigms such as internet-of-things (IoT), embedded systems in both commercial and industrial contexts are being increasingly interconnected and exposed to the external networks to improve automation and efficiency of operation. However, allowing external interfaces to such embedded systems increases their exposure to attackers. With an increase in attacks against embedded systems ranging from home appliances to industrial control systems operating critical equipment that have real-time requirements, it is imperative that defense mechanisms be created that explicitly consider such resource and real-time constraints. Control-flow integrity (CFI) is a family of defense mechanisms that prevent attackers from modifying the flow of execution. We survey CFI techniques, ranging from the basic to state of the art, that are built for embedded systems and real-time embedded systems and find that there is a dearth, especially for real-time embedded systems, of CFI mechanisms. We then present open challenges to the community to help drive future research in this domain.
Funder
National Science Foundation
Commonwealth Cyber Initiative
Publisher
Association for Computing Machinery (ACM)
Subject
Hardware and Architecture,Software
Reference98 articles.
1. Clang 12 Documentation. 2020. Retrieved October 24, 2020, from https://clang.llvm.org/docs/ControlFlowIntegrity.html.
2. Standard Performance Evaluation Corporation. 2020. https://www.spec.org/benchmarks.html.
3. On-chip control flow integrity check for real time embedded systems
4. Control-flow integrity principles, implementations, and applications
5. ECFI
Cited by
10 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
1. Bitmap-Based Security Monitoring for Deeply Embedded Systems;ACM Transactions on Software Engineering and Methodology;2024-06-18
2. InsectACIDE: Debugger-Based Holistic Asynchronous CFI for Embedded System;2024 IEEE 30th Real-Time and Embedded Technology and Applications Symposium (RTAS);2024-05-13
3. CFIEE: An Open-Source Critical Metadata Extraction Tool for RISC-V Hardware-Based CFI Schemes;Electronics;2024-04-26
4. From Low-Level Fault Modeling (of a Pipeline Attack) to a Proven Hardening Scheme;Proceedings of the 33rd ACM SIGPLAN International Conference on Compiler Construction;2024-02-17
5. Caveat (IoT) Emptor: Towards Transparency of IoT Device Presence;Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security;2023-11-15