
TrustFlow-X: A Practical Framework for Fine-grained Control-flow Integrity in Critical Systems

Published: 26 September 2020

Abstract

This article addresses the challenge of memory safety in life-critical medical devices. Over the last decade, healthcare manufacturers have embraced the Internet of Things, pushing technological innovation to increase market share, and medical devices, including the most critical ones, are increasingly connected to the Internet. Unfortunately, because critical devices often rely on memory-unsafe programming languages such as C, they are no exception to memory safety issues: given a memory vulnerability, a skilled attacker can take over the system and achieve remote code execution. Since medical devices directly affect the safety of their users, such a vulnerability can lead to disastrous scenarios. To address this issue, this article presents TrustFlow-X, a novel hardware/software co-designed framework that provides efficient, fine-grained control-flow integrity protection against memory-based attacks. TrustFlow-X consists of an LLVM-based compiler toolchain that generates secured code, which is then executed on an extended RISC-V processor that tracks sensitive data using a trusted memory. The results show that the approach is practical and provides a high level of trust in life-critical embedded systems.


Cited By

  • Developing medical devices with emerging technologies: trends, challenges, and future directions. F1000Research 13 (2024), 1007. DOI: 10.12688/f1000research.154869.1. Online publication date: 4 Sep 2024.
  • A Survey on Thwarting Memory Corruption in RISC-V. ACM Computing Surveys 56, 2 (2023), 1--29. DOI: 10.1145/3604906. Online publication date: 17 Jun 2023.
  • Hardware-Based Software Control Flow Integrity: Review on the State-of-the-Art Implementation Technology. IEEE Access 11 (2023), 133255--133280. DOI: 10.1109/ACCESS.2023.3337043. Online publication date: 2023.
  • Nonlinear Code-Based Low-Overhead Fine-Grained Control Flow Checking. IEEE Transactions on Computers 71, 3 (2022), 658--669. DOI: 10.1109/TC.2021.3057132. Online publication date: 1 Mar 2022.

Published In

ACM Transactions on Embedded Computing Systems, Volume 19, Issue 5: Special Issue on LCETES, Part 1, Real-Time, Critical Systems, and Approximation. September 2020, 229 pages. ISSN 1539-9087, EISSN 1558-3465. Issue DOI: 10.1145/3426818.

Publisher

Association for Computing Machinery, New York, NY, United States

Publication History

Published: 26 September 2020
Online AM: 07 May 2020
Accepted: 01 May 2020
Revised: 01 April 2020
Received: 01 November 2019
Published in TECS Volume 19, Issue 5

Author Tags

1. Memory safety
2. compiler
3. control-flow integrity
4. processor architecture

Qualifiers

• Research-article
• Research
• Refereed
