Nowadays, embedded devices are increasingly present in everyday life, often controlling and processing critical information. For this reason, these devices make use of cryptographic protocols. However, embedded devices are particularly vulnerable to attackers seeking to hijack their operation and extract sensitive information. Code-Reuse Attacks (CRAs) can steer the execution of a program to malicious outcomes, leveraging existing on-board code without direct access to the device memory. Moreover, Side-Channel Attacks (SCAs) may reveal secret information to the attacker based on mere observation of the device. In this paper, we are particularly concerned with thwarting CRAs and SCAs against embedded devices, while taking into account their resource limitations. Fine-grained code diversification can hinder CRAs by introducing uncertainty into the binary code, while software mechanisms can thwart timing or power SCAs. The resilience to either attack may come at the price of the overall efficiency. Moreover, a unified approach that preserves these mitigations against both CRAs and SCAs is not available. This is the main novelty of our approach, Secure Diversity by Construction (SecDivCon): a combinatorial compiler-based approach that combines software diversification against CRAs with software mitigations against SCAs. SecDivCon restricts the performance overhead of the generated code, offering a secure-by-design control over the performance-security trade-off. Our experiments show that SCA-aware diversification is effective against CRAs, while preserving SCA mitigation properties at a low, controllable overhead. Given the combinatorial nature of our approach, SecDivCon is suitable for small, performance-critical functions that are sensitive to SCAs. SecDivCon may be used as a building block for whole-program code diversification or in a re-randomization scheme of cryptographic code.
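The abstract describes the core tension: diversification produces many functionally equivalent variants of a function, but a variant that is cheaper or more different may reintroduce a secret-dependent branch and thus a timing side channel, and the set of acceptable variants must also respect a performance budget. The following toy model, added here as an illustration and not SecDivCon's own algorithm, IR or cost model, makes that concrete on a tiny straight-line program: variants are generated by reordering independent instructions and by rewriting a branch-free select into a branch, a taint-based constant-time checker rejects leaky variants, and a cost bound rejects variants over budget. The IR, the 8-bit machine, the cycle costs and the sample program are all constructed assumptions.

```python
"""Toy SCA-aware diversification (constructed illustration, not SecDivCon code).

Variants of a small straight-line program are produced by (a) reordering
instructions that do not depend on each other and (b) optionally rewriting a
branch-free select ("sel") into a conditional branch ("br"). A taint analysis
rejects any variant whose branch condition depends on a secret, and a cost
bound rejects variants over a performance budget. All variants are
semantically equivalent, which the evaluator lets the reader confirm.
"""
import itertools

# Constructed cost model in cycles; note the branch is cheaper than the select,
# so a cost-only optimizer would happily pick the leaky form.
COST = {"and": 1, "xor": 1, "add": 1, "neg": 1, "sel": 3, "br": 2}
MASK = 0xFF  # 8-bit toy machine

# Constructed sample program: r = (key & 1) ? (pt ^ key) : (pt + c1), written
# branch-free with an all-ones/all-zeros mask derived from the secret key bit.
# Each instruction is (op, destination, operands); destinations are unique (SSA).
PROGRAM = [
    ("and", "kb", ("key", "one")),
    ("neg", "m",  ("kb",)),
    ("xor", "t1", ("pt", "key")),
    ("add", "t2", ("pt", "c1")),
    ("sel", "r",  ("m", "t1", "t2")),
]
SECRETS = {"key"}

def taint(prog, secrets=SECRETS):
    """Forward taint: a value is secret if any of its operands is secret."""
    tainted = set(secrets)
    for _, dst, ops in prog:
        if any(o in tainted for o in ops):
            tainted.add(dst)
    return tainted

def is_constant_time(prog, secrets=SECRETS):
    """Constant-time policy for this toy IR: no branch on a secret-tainted value."""
    t = taint(prog, secrets)
    return not any(op == "br" and ops[0] in t for op, _, ops in prog)

def cost(prog):
    return sum(COST[op] for op, _, _ in prog)

def evaluate(prog, env):
    """Execute the program on an environment of 8-bit values; returns r."""
    env = dict(env)
    for op, dst, ops in prog:
        v = [env[o] for o in ops]
        if op == "and":
            env[dst] = v[0] & v[1]
        elif op == "xor":
            env[dst] = v[0] ^ v[1]
        elif op == "add":
            env[dst] = (v[0] + v[1]) & MASK
        elif op == "neg":
            env[dst] = (-v[0]) & MASK
        elif op == "sel":  # branch-free select: mask is 0x00 or 0xFF
            env[dst] = (v[0] & v[1]) | (~v[0] & v[2] & MASK)
        elif op == "br":   # the same choice made with a data-dependent branch
            env[dst] = v[1] if v[0] else v[2]
    return env["r"]

def schedules(prog):
    """All instruction orders that respect read-after-write dependencies."""
    n = len(prog)
    deps = [{j for j in range(i) if prog[j][1] in prog[i][2]} for i in range(n)]
    for perm in itertools.permutations(range(n)):
        pos = {idx: p for p, idx in enumerate(perm)}
        if all(pos[d] < pos[i] for i in range(n) for d in deps[i]):
            yield [prog[i] for i in perm]

def rewrites(prog):
    """Each sel may independently be rewritten into a semantically equal br."""
    sel_idx = [i for i, (op, _, _) in enumerate(prog) if op == "sel"]
    for choice in itertools.product([False, True], repeat=len(sel_idx)):
        variant = list(prog)
        for i, use_br in zip(sel_idx, choice):
            if use_br:
                _, dst, ops = variant[i]
                variant[i] = ("br", dst, ops)
        yield variant

def diversify(prog, budget, secrets=SECRETS):
    """Return (accepted variants, #rejected as leaky, #rejected as over budget)."""
    accepted, leaky, costly = [], 0, 0
    for sched in schedules(prog):
        for var in rewrites(sched):
            if not is_constant_time(var, secrets):
                leaky += 1
            elif cost(var) > budget:
                costly += 1
            else:
                accepted.append(var)
    return accepted, leaky, costly

if __name__ == "__main__":
    ok, leaky, costly = diversify(PROGRAM, budget=cost(PROGRAM))
    print(f"{len(ok)} constant-time variants within budget, "
          f"{leaky} rejected as leaky, {costly} rejected as over budget")
```

With the budget set to the cost of the original program, the 24 candidate variants split into 12 accepted schedules and 12 rejected branch rewrites; lowering the budget by one cycle accepts nothing, which is the controllable trade-off the abstract refers to: the checker never admits a leaky variant to buy performance, and the budget decides how much diversity remains.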