Hafix

Davi, Lucas; Hanreich, Matthias; Paul, Debayan; Sadeghi, Ahmad‐Reza; Koeberl, Patrick; Sullivan, Dean; Arias, Orlando; Jin, Yier

doi:10.1145/2744769.2744847

Cited by 128 publications

(8 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We implemented a proof-of-concept prototype of CaRE on the ARM Versatile Express Cortex-M Prototyping System MPS2+ configured as a Cortex-M23 CPU. 15 .…”

Section: Methodsmentioning

confidence: 99%

“…An important feature of M-class cores is their deterministic interrupt latency in part attributable to the fact that the context-switch, while entering the exception handler, is performed entirely in hardware. An instruction that triggers an exception, such as the svc used for supervisor calls, causes 1) the hardware to save the current execution context state onto a stack 15 We also tested our prototype on the CMSDK_ARMv8MBL FastModel emulator pointed to by one of the sp registers, 2) the ipsr to be updated with the number of the taken exception, and 3) the processor to switch into Handler mode in which exceptions are taken. Table 4 shows the layout of a typical stack frame created during exception entry 17 .…”

Section: Methodsmentioning

confidence: 99%

“…AVRAND by Pastrana et al [44] constitutes a software-based defense against code reuse attacks for AVR devices. HAFIX [15] is a hardware-based CFI solution for the Intel Siskiyou Peak and SPARC embedded system architectures.…”

Section: Related Workmentioning

confidence: 99%

“…Countermeasures for general purpose computing devices, such as ASLR, often rely on hardware features (e.g., virtual memory) that are unavailable in simple MCUs. Prior CFI schemes for embedded systems, such as HAFIX [15], and the recently announced Intel Control-flow Enforcement Technology (CET) [31], require changes to the hardware and toolchain, access to source code and do not support interrupts.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

CFI CaRE: Hardware-Supported Call and Return Enforcement for Commercial Microcontrollers

Nyman

Ekberg²,

Davi

et al. 2017

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

With the increasing scale of deployment of Internet of Things (IoT), concerns about IoT security have become more urgent. In particular, memory corruption attacks play a predominant role as they allow remote compromise of IoT devices. Control-flow integrity (CFI) is a promising and generic defense technique against these attacks. However, given the nature of IoT deployments, existing protection mechanisms for traditional computing environments (including CFI) need to be adapted to the IoT setting. In this paper, we describe the challenges of enabling CFI on microcontroller (MCU) based IoT devices. We then present CaRE, the first interrupt-aware CFI scheme for low-end MCUs. CaRE uses a novel way of protecting the CFI metadata by leveraging TrustZone-M security extensions introduced in the ARMv8-M architecture. Its binary instrumentation approach preserves the memory layout of the target MCU software, allowing pre-built bare-metal binary code to be protected by CaRE. We describe our implementation on a Cortex-M Prototyping System and demonstrate that CaRE is secure while imposing acceptable performance and memory impact. 1

show abstract

“…We implemented a proof-of-concept prototype of CaRE on the ARM Versatile Express Cortex-M Prototyping System MPS2+ configured as a Cortex-M23 CPU. 15 .…”

Section: Methodsmentioning

confidence: 99%

Section: Methodsmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

CFI CaRE: Hardware-Supported Call and Return Enforcement for Commercial Microcontrollers

Nyman

Ekberg²,

Davi

et al. 2017

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…In addition to the instructions, the processor needs the metadata defining a complete CFG. Some solutions such as HAFIX [5] or CHERI [18] propose to enrich the instruction set architecture (ISA) semantic with new instructions, embedding the metadata in the instructions themselves.…”

Section: Introductionmentioning

confidence: 99%

A case against indirect jumps for secure programs

Gonzalvez

Lashermes

2019

Proceedings of the 9th Workshop on Software Security, Protection, and Reverse Engineering

View full text Add to dashboard Cite

A desired property of secure programs is control flow integrity (CFI): an attacker must not be able to alter how instructions are chained as specified in the program. Numerous techniques try to achieve this property with various trade-offs. But to achieve fine-grained CFI, one is required to extract a precise control flow graph (CFG), describing how instructions are chained together. Unfortunately it is not achievable in general. In this paper, we propose a way to overcome this impossibility result by restricting the instruction set architecture (ISA) semantics. We show that forbidding indirect jumps unlocks a precise CFG extraction for all acceptable programs. We discuss the implications and limitations of the new semantics and argue for the adoption of restricted ISAs for security-related computation.

show abstract

Bibliography

2016

Cyber‐Assurance for the Internet of Things

View full text Add to dashboard Cite

Hafix

Cited by 128 publications

References 12 publications

CFI CaRE: Hardware-Supported Call and Return Enforcement for Commercial Microcontrollers

CFI CaRE: Hardware-Supported Call and Return Enforcement for Commercial Microcontrollers

A case against indirect jumps for secure programs

Bibliography

Contact Info

Product

Resources

About