Embedded, smart, and IoT devices are increasingly popular in numerous everyday settings. Since lower-end devices have the strictest cost constraints, they tend to have few, if any, security features. This makes them attractive targets for exploits and malware. Prior research proposed various security architectures for enforcing security properties on resource-constrained devices, e.g., via Remote Attestation (RA). Such techniques can (statically) verify the software integrity of a remote device and detect compromise. However, run-time (dynamic) security, e.g., via Control-Flow Integrity (CFI), is hard to achieve. This work constructs an architecture that ensures the integrity of software execution against run-time attacks, such as Return-Oriented Programming (ROP). It is built atop the recently proposed CASU, a low-cost active Root-of-Trust (RoT) that guarantees software immutability. We extend CASU to support a shadow stack and a CFI monitor to mitigate run-time attacks. This gives some confidence that CFI can indeed be attained even on low-end devices, with minimal hardware overhead.
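To make the two mechanisms named above concrete, here is a small software model of a shadow stack (backward-edge check) together with a forward-edge CFI monitor that validates indirect-call targets against an allow-list, driven by a constructed control-flow trace. This is an added example, not code from the paper or from CASU; the function names (`ss_push`, `ss_check_return`, `cfi_monitor_run`), the event format and all addresses are assumptions made for illustration. The monitor is written as a reference model of the check a hardware CFI monitor would perform on each call, return and indirect branch.

```c
/* Added example (not from the paper): a software model of a shadow stack plus a
 * forward-edge CFI monitor, driven by a constructed control-flow trace.
 * Names (ss_push, cfi_monitor_run, ...) and addresses are assumptions. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SHADOW_DEPTH 16

typedef struct {
    uint32_t slots[SHADOW_DEPTH];   /* return addresses recorded at call time */
    size_t top;
} shadow_stack_t;

typedef enum { EV_CALL, EV_RET, EV_ICALL } ev_kind_t;

typedef struct {
    ev_kind_t kind;
    uint32_t addr; /* CALL: return address saved; RET: return address read from the
                      program stack; ICALL: indirect branch target */
} cf_event_t;

/* Allow-list of legitimate indirect-call targets (constructed for this example). */
static const uint32_t k_valid_targets[] = { 0x3000u, 0x3100u };

static bool ss_push(shadow_stack_t *ss, uint32_t ret_addr) {
    if (ss->top >= SHADOW_DEPTH) return false;  /* overflow is itself a violation */
    ss->slots[ss->top++] = ret_addr;
    return true;
}

/* Backward-edge check: the return address on the program stack must match the shadow copy. */
static bool ss_check_return(shadow_stack_t *ss, uint32_t stack_ret_addr) {
    if (ss->top == 0) return false;              /* return without a matching call */
    uint32_t expected = ss->slots[--ss->top];
    return expected == stack_ret_addr;
}

/* Forward-edge check: an indirect branch target must be a known-valid entry point. */
static bool cfi_target_allowed(uint32_t target) {
    for (size_t i = 0; i < sizeof k_valid_targets / sizeof k_valid_targets[0]; i++)
        if (k_valid_targets[i] == target) return true;
    return false;
}

/* Run the monitor over a trace; returns the number of CFI violations detected. */
int cfi_monitor_run(const cf_event_t *trace, size_t n) {
    shadow_stack_t ss;
    memset(&ss, 0, sizeof ss);
    int violations = 0;
    for (size_t i = 0; i < n; i++) {
        bool ok;
        switch (trace[i].kind) {
        case EV_CALL:  ok = ss_push(&ss, trace[i].addr); break;
        case EV_RET:   ok = ss_check_return(&ss, trace[i].addr); break;
        case EV_ICALL: ok = cfi_target_allowed(trace[i].addr); break;
        default:       ok = false; break;
        }
        if (!ok) {
            violations++;
            printf("CFI violation at event %zu (kind %d, addr 0x%04x)\n",
                   i, (int)trace[i].kind, (unsigned)trace[i].addr);
        }
    }
    return violations;
}

/* Constructed benign trace: nested calls, a legitimate indirect call, matching returns. */
int benign_trace_violations(void) {
    const cf_event_t t[] = {
        { EV_CALL, 0x1004u }, { EV_CALL, 0x2008u }, { EV_RET, 0x2008u },
        { EV_ICALL, 0x3000u }, { EV_RET, 0x1004u },
    };
    return cfi_monitor_run(t, sizeof t / sizeof t[0]);
}

/* Constructed tampered trace: one return address no longer matches the shadow copy
 * (the pattern a ROP chain produces), and one indirect call leaves the allow-list. */
int tampered_trace_violations(void) {
    const cf_event_t t[] = {
        { EV_CALL, 0x1004u }, { EV_RET, 0x4000u },
        { EV_ICALL, 0x9999u },
    };
    return cfi_monitor_run(t, sizeof t / sizeof t[0]);
}

int main(void) {
    printf("benign: %d violations\n", benign_trace_violations());
    printf("tampered: %d violations\n", tampered_trace_violations());
    return 0;
}
```

The benign trace passes with no violations; the tampered trace trips once on the mismatched return address and once on the disallowed indirect target. In a hardware design such as the one the paper describes, the shadow stack would live in memory that application code cannot write (the immutability CASU already provides), and a violation would trigger a reset or an attestation failure rather than a print.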