Nowadays, the growing pervasiveness of digital components and their interconnection in the so-called Internet of Things, raises serious questions regarding security and integrity not only of the data exchanged, but also of the devices themselves and the software they run. Code-Reuse Attacks (CRA) are one of the most powerful binary attack paradigms, aiming to exploit memory vulnerabilities such as buffer overflows to force the application to execute an unintended sequence of instructions present in memory. To counter such a kind of attacks, ensuring the program’s control-flow integrity (CFI) appears to be the most promising solution presented so far. A plethora of CFI implementations have been offered in the literature and by vendors, based on control-flow monitors located at the software level or even into hardware extensions. However, many proposed solutions opt for coarse-grained checks, or insert enforcement before all flow transfers. For software running on IoT platforms, where resources are usually limited, protections can increase the footprint in an unsustainable way. This paper presents PROLEPSIS, an automated binary code analysis tool for IoT applications written for ARM platforms. With an optimised search, the tool is able to identify only those executable point (control-flow instructions) that are really at risk of control-flow hijacking. Each recognised insecure point is instrumented according to a custom technique of choice, either based on a software or a hardware monitor, depending on the specific application needs.

Prolepsis: binary analysis and instrumentation of iot software for control-flow integrity / Forte, Valentina; Maunero, Nicolò; Prinetto, Paolo; Roascio, Gianluca. - ELETTRONICO. - (2021), pp. 1-6. ((Intervento presentato al convegno IEEE International Conference on Electrical, Computer, Communications and Mechatronics Engineering (ICECCME) tenutosi a Mauritius nel October 7-8, Mauritius [10.1109/ICECCME52200.2021.9591080].

Prolepsis: binary analysis and instrumentation of iot software for control-flow integrity

Maunero, Nicolò;Prinetto, Paolo;Roascio, Gianluca
2021

Abstract

Nowadays, the growing pervasiveness of digital components and their interconnection in the so-called Internet of Things, raises serious questions regarding security and integrity not only of the data exchanged, but also of the devices themselves and the software they run. Code-Reuse Attacks (CRA) are one of the most powerful binary attack paradigms, aiming to exploit memory vulnerabilities such as buffer overflows to force the application to execute an unintended sequence of instructions present in memory. To counter such a kind of attacks, ensuring the program’s control-flow integrity (CFI) appears to be the most promising solution presented so far. A plethora of CFI implementations have been offered in the literature and by vendors, based on control-flow monitors located at the software level or even into hardware extensions. However, many proposed solutions opt for coarse-grained checks, or insert enforcement before all flow transfers. For software running on IoT platforms, where resources are usually limited, protections can increase the footprint in an unsustainable way. This paper presents PROLEPSIS, an automated binary code analysis tool for IoT applications written for ARM platforms. With an optimised search, the tool is able to identify only those executable point (control-flow instructions) that are really at risk of control-flow hijacking. Each recognised insecure point is instrumented according to a custom technique of choice, either based on a software or a hardware monitor, depending on the specific application needs.
978-1-6654-1262-9
File in questo prodotto:
File Dimensione Formato  
9591080.pdf

non disponibili

Descrizione: Articolo principale
Tipologia: 2a Post-print versione editoriale / Version of Record
Licenza: Non Pubblico - Accesso privato/ristretto
Dimensione 556.74 kB
Formato Adobe PDF
556.74 kB Adobe PDF   Visualizza/Apri   Richiedi una copia
Pubblicazioni consigliate

Caricamento pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: http://hdl.handle.net/11583/2923692