ACE-M: Automated Control Flow Integrity Enforcement Based on MPUs at the Function Level

Control-flow integrity(CFI) ensures that the execution flow of a program follows the control-flow graph(CFG) determined at compile time. CFI is a security technique designed to prevent runtime attacks such as return-oriented programming (ROP). With the development of the Internet of Things (IoT), th...

Full description

Saved in:
Bibliographic Details
Published in:Electronics (Basel) 2022-03, Vol.11 (6), p.912
Main Authors: Lee, Sungbin, Cho, Jeonghun
Format: Article
Language:English
Subjects:
Automatic control
Code reuse
Design modifications
Electronic devices
Embedded systems
Field programmable gate arrays
Hardware
Inserts
Integrity
Internet of Things
Libraries
Security
Security systems
Software
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Control-flow integrity(CFI) ensures that the execution flow of a program follows the control-flow graph(CFG) determined at compile time. CFI is a security technique designed to prevent runtime attacks such as return-oriented programming (ROP). With the development of the Internet of Things (IoT), the number of embedded devices has increased, and security and protection techniques in embedded systems have become important. Since the hardware-based CFI technique requires separate hardware support, it is difficult to apply to an embedded device that is already arranged. In this paper, we propose a function-level CFI technique named ACE-M, which uses the memory protection unit (MPU) included in most embedded devices. MPU may provide attributes such as read-write-execute to the memory area. ACE-M has three steps: (1) initiate—inserts an MPU-related function into a specific position; (2) profiling—provides information for MPU configuration. After the initation step, several pieces of information can be determined; (3) set—modify the already-inserted function’s arguments. We propose a design that supports the MPU. In our model, the MPU becomes a control flow monitor that detects control flow errors(CFEs), and the inserted codes cause the MPU to act as a control flow checker. If the program deviates from the original control flow, the MPU raises an exception since its corresponding area will not be included in the executable area. This approach not only verifies the target address but also guarantees the running position. Our technique can detect any modification of the program counter (PC) to an arbitrary address.
ISSN:2079-9292
2079-9292
DOI:10.3390/electronics11060912