Em-RIPE: Runtime Intrusion Prevention Evaluator for ARM Microcontroller Systems

Although they have been known for some time, the security implications of buffer overflows (BOF) continue to rouse great attention among software experts in the academic and commercial sectors. Recently, there has been particular interest in discussing how to mitigate risks deriving from BOF on embedded and IoT devices, which have lower computational capabilities given their low-cost and low-power requirements. Although the literature is rich of solutions for these devices as well, authors often fail to quantitatively compare their techniques with related work from a security perspective, and mostly rely on qualitative analysis. Existing evaluator benchmarks (such as the famous RIPE, introduced in 2011) are designed to be used only on general-purpose systems, e.g., with a rich Linux OS and Intel architecture. This paper presents Em-RIPE, a prototype evaluation tool written for assessing protections applied to real-time embedded systems, such as microcontrollers equipped with ARM processors. This first version of the tool supports 105 different possible attack combinations, on which the resilience level of the platform under test can be measured. As experimental data, the obtained protection coverage for major compiler-based firmware protections is reported.