Challenges in designing exploit mitigations for deeply embedded systems

Ali Abbasi, Jos Wetzels, Thorsten Holz, Sandro Etalle

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

1 Citation (Scopus)
1 Downloads (Pure)

Abstract

Memory corruption vulnerabilities have been around for decades and rank among the most prevalent vulnerabilities in embedded systems. Yet this constrained environment poses unique design and implementation challenges that significantly complicate the adoption of common hardening techniques. Combined with the irregular and involved nature of embedded patch management, this results in prolonged vulnerability exposure windows and vulnerabilities that are relatively easy to exploit. Considering the sensitive and critical nature of many embedded systems, this situation merits significant improvement. In this work, we present the first quantitative study of exploit mitigation adoption in 42 embedded operating systems, showing the embedded world to significantly lag behind the general-purpose world. To improve the security of deeply embedded systems, we subsequently present μArmor, an approach to address some of the key gaps identified in our quantitative analysis. μArmor raises the bar for exploitation of embedded memory corruption vulnerabilities, while being adoptable on the short term without incurring prohibitive extra performance or storage costs.

Original languageEnglish
Title of host publicationProceedings - 4th IEEE European Symposium on Security and Privacy, EURO S and P 2019
Place of PublicationPiscataway
PublisherInstitute of Electrical and Electronics Engineers
Pages31-46
Number of pages16
ISBN (Electronic)978-1-7281-1148-3
DOIs
Publication statusPublished - 1 Jun 2019
Event4th IEEE European Symposium on Security and Privacy, EURO S and P 2019 - Stockholm, Sweden
Duration: 17 Jun 201919 Jun 2019

Conference

Conference4th IEEE European Symposium on Security and Privacy, EURO S and P 2019
CountrySweden
CityStockholm
Period17/06/1919/06/19

Keywords

  • Embedded System
  • Exploit Mitigation
  • Exploiting
  • Security

Fingerprint Dive into the research topics of 'Challenges in designing exploit mitigations for deeply embedded systems'. Together they form a unique fingerprint.

  • Cite this

    Abbasi, A., Wetzels, J., Holz, T., & Etalle, S. (2019). Challenges in designing exploit mitigations for deeply embedded systems. In Proceedings - 4th IEEE European Symposium on Security and Privacy, EURO S and P 2019 (pp. 31-46). [8806725] Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/EuroSP.2019.00013