Challenges in designing exploit mitigations for deeply embedded systems

Ali Abbasi, Jos Wetzels, Thorsten Holz, Sandro Etalle

Onderzoeksoutput: Hoofdstuk in Boek/Rapport/CongresprocedureConferentiebijdrageAcademicpeer review

1 Downloads (Pure)

Uittreksel

Memory corruption vulnerabilities have been around for decades and rank among the most prevalent vulnerabilities in embedded systems. Yet this constrained environment poses unique design and implementation challenges that significantly complicate the adoption of common hardening techniques. Combined with the irregular and involved nature of embedded patch management, this results in prolonged vulnerability exposure windows and vulnerabilities that are relatively easy to exploit. Considering the sensitive and critical nature of many embedded systems, this situation merits significant improvement. In this work, we present the first quantitative study of exploit mitigation adoption in 42 embedded operating systems, showing the embedded world to significantly lag behind the general-purpose world. To improve the security of deeply embedded systems, we subsequently present μArmor, an approach to address some of the key gaps identified in our quantitative analysis. μArmor raises the bar for exploitation of embedded memory corruption vulnerabilities, while being adoptable on the short term without incurring prohibitive extra performance or storage costs.

Originele taal-2Engels
TitelProceedings - 4th IEEE European Symposium on Security and Privacy, EURO S and P 2019
Plaats van productiePiscataway
UitgeverijInstitute of Electrical and Electronics Engineers
Pagina's31-46
Aantal pagina's16
ISBN van elektronische versie978-1-7281-1148-3
DOI's
StatusGepubliceerd - 1 jun 2019
Evenement4th IEEE European Symposium on Security and Privacy, EURO S and P 2019 - Stockholm, Zweden
Duur: 17 jun 201919 jun 2019

Congres

Congres4th IEEE European Symposium on Security and Privacy, EURO S and P 2019
LandZweden
StadStockholm
Periode17/06/1919/06/19

Vingerafdruk

Embedded systems
vulnerability
Armor
Data storage equipment
corruption
Hardening
exploitation
Chemical analysis
Vulnerability
Mitigation
Costs
present
costs
management
performance
Corruption

Citeer dit

Abbasi, A., Wetzels, J., Holz, T., & Etalle, S. (2019). Challenges in designing exploit mitigations for deeply embedded systems. In Proceedings - 4th IEEE European Symposium on Security and Privacy, EURO S and P 2019 (blz. 31-46). [8806725] Piscataway: Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/EuroSP.2019.00013
Abbasi, Ali ; Wetzels, Jos ; Holz, Thorsten ; Etalle, Sandro. / Challenges in designing exploit mitigations for deeply embedded systems. Proceedings - 4th IEEE European Symposium on Security and Privacy, EURO S and P 2019. Piscataway : Institute of Electrical and Electronics Engineers, 2019. blz. 31-46
@inproceedings{82fd153289854fd5b8480022b0f8435e,
title = "Challenges in designing exploit mitigations for deeply embedded systems",
abstract = "Memory corruption vulnerabilities have been around for decades and rank among the most prevalent vulnerabilities in embedded systems. Yet this constrained environment poses unique design and implementation challenges that significantly complicate the adoption of common hardening techniques. Combined with the irregular and involved nature of embedded patch management, this results in prolonged vulnerability exposure windows and vulnerabilities that are relatively easy to exploit. Considering the sensitive and critical nature of many embedded systems, this situation merits significant improvement. In this work, we present the first quantitative study of exploit mitigation adoption in 42 embedded operating systems, showing the embedded world to significantly lag behind the general-purpose world. To improve the security of deeply embedded systems, we subsequently present μArmor, an approach to address some of the key gaps identified in our quantitative analysis. μArmor raises the bar for exploitation of embedded memory corruption vulnerabilities, while being adoptable on the short term without incurring prohibitive extra performance or storage costs.",
keywords = "Embedded System, Exploit Mitigation, Exploiting, Security",
author = "Ali Abbasi and Jos Wetzels and Thorsten Holz and Sandro Etalle",
year = "2019",
month = "6",
day = "1",
doi = "10.1109/EuroSP.2019.00013",
language = "English",
pages = "31--46",
booktitle = "Proceedings - 4th IEEE European Symposium on Security and Privacy, EURO S and P 2019",
publisher = "Institute of Electrical and Electronics Engineers",
address = "United States",

}

Abbasi, A, Wetzels, J, Holz, T & Etalle, S 2019, Challenges in designing exploit mitigations for deeply embedded systems. in Proceedings - 4th IEEE European Symposium on Security and Privacy, EURO S and P 2019., 8806725, Institute of Electrical and Electronics Engineers, Piscataway, blz. 31-46, 4th IEEE European Symposium on Security and Privacy, EURO S and P 2019, Stockholm, Zweden, 17/06/19. https://doi.org/10.1109/EuroSP.2019.00013

Challenges in designing exploit mitigations for deeply embedded systems. / Abbasi, Ali; Wetzels, Jos; Holz, Thorsten; Etalle, Sandro.

Proceedings - 4th IEEE European Symposium on Security and Privacy, EURO S and P 2019. Piscataway : Institute of Electrical and Electronics Engineers, 2019. blz. 31-46 8806725.

Onderzoeksoutput: Hoofdstuk in Boek/Rapport/CongresprocedureConferentiebijdrageAcademicpeer review

TY - GEN

T1 - Challenges in designing exploit mitigations for deeply embedded systems

AU - Abbasi, Ali

AU - Wetzels, Jos

AU - Holz, Thorsten

AU - Etalle, Sandro

PY - 2019/6/1

Y1 - 2019/6/1

N2 - Memory corruption vulnerabilities have been around for decades and rank among the most prevalent vulnerabilities in embedded systems. Yet this constrained environment poses unique design and implementation challenges that significantly complicate the adoption of common hardening techniques. Combined with the irregular and involved nature of embedded patch management, this results in prolonged vulnerability exposure windows and vulnerabilities that are relatively easy to exploit. Considering the sensitive and critical nature of many embedded systems, this situation merits significant improvement. In this work, we present the first quantitative study of exploit mitigation adoption in 42 embedded operating systems, showing the embedded world to significantly lag behind the general-purpose world. To improve the security of deeply embedded systems, we subsequently present μArmor, an approach to address some of the key gaps identified in our quantitative analysis. μArmor raises the bar for exploitation of embedded memory corruption vulnerabilities, while being adoptable on the short term without incurring prohibitive extra performance or storage costs.

AB - Memory corruption vulnerabilities have been around for decades and rank among the most prevalent vulnerabilities in embedded systems. Yet this constrained environment poses unique design and implementation challenges that significantly complicate the adoption of common hardening techniques. Combined with the irregular and involved nature of embedded patch management, this results in prolonged vulnerability exposure windows and vulnerabilities that are relatively easy to exploit. Considering the sensitive and critical nature of many embedded systems, this situation merits significant improvement. In this work, we present the first quantitative study of exploit mitigation adoption in 42 embedded operating systems, showing the embedded world to significantly lag behind the general-purpose world. To improve the security of deeply embedded systems, we subsequently present μArmor, an approach to address some of the key gaps identified in our quantitative analysis. μArmor raises the bar for exploitation of embedded memory corruption vulnerabilities, while being adoptable on the short term without incurring prohibitive extra performance or storage costs.

KW - Embedded System

KW - Exploit Mitigation

KW - Exploiting

KW - Security

UR - http://www.scopus.com/inward/record.url?scp=85072032742&partnerID=8YFLogxK

U2 - 10.1109/EuroSP.2019.00013

DO - 10.1109/EuroSP.2019.00013

M3 - Conference contribution

AN - SCOPUS:85072032742

SP - 31

EP - 46

BT - Proceedings - 4th IEEE European Symposium on Security and Privacy, EURO S and P 2019

PB - Institute of Electrical and Electronics Engineers

CY - Piscataway

ER -

Abbasi A, Wetzels J, Holz T, Etalle S. Challenges in designing exploit mitigations for deeply embedded systems. In Proceedings - 4th IEEE European Symposium on Security and Privacy, EURO S and P 2019. Piscataway: Institute of Electrical and Electronics Engineers. 2019. blz. 31-46. 8806725 https://doi.org/10.1109/EuroSP.2019.00013