Memory corruption attacks (MCAs) refer to malicious behaviors of system intruders that modify the contents of a memory location to disrupt the normal operation of computing systems, causing leakage of sensitive data or perturbations to ongoing processes. Unlike general-purpose systems, unmanned systems cannot deploy complete security protection schemes, due to their limitations in size, cost and performance. MCAs in unmanned systems are particularly difficult to defend against. Furthermore, MCAs have diverse and unpredictable attack interfaces in unmanned systems, severely impacting digital and physical sectors. In this paper, we first generalize, model and taxonomize the MCAs currently found in unmanned systems, laying the foundation for designing a portable and general defense approach. Based on their attack mechanisms, we find that MCAs fall mainly into two types: return2libc and return2shellcode. To tackle return2libc attacks, we model the erratic operation of unmanned systems with cycles and then propose a cycle-task-oriented memory protection (CToMP) approach to protect control flows from tampering. To defend against return2shellcode attacks, we introduce a secure process stack with a randomized memory address by leveraging the memory pool to prevent shellcode from being executed. Moreover, we discuss the mechanism by which CToMP resists the ROP attack, a novel variant of return2libc attacks. Finally, we implement CToMP on CUAV V5+ with ArduPilot and Crazyflie. The evaluation and security analysis results demonstrate that the proposed approach, CToMP, is resilient to various MCAs in unmanned systems with a low footprint and low system overhead.