TZmCFI: RTOS-Aware Control-Flow Integrity Using TrustZone for Armv8-M

Control-Flow Integrity (CFI) is a class of defensive techniques against control-flow attacks such as Return-Oriented Programming. We propose a light-weight CFI scheme for RTOS-based applications, TZmCFI, which utilizes TrustZone for Armv8-M, a hardware-assisted security feature for embedded systems...

Bibliographic Details
Published in International journal of parallel programming Vol. 49; no. 2; pp. 216 - 236
Main Authors Kawada, Tomoaki, Honda, Shinya, Matsubara, Yutaka, Takada, Hiroaki
Format Journal Article
Language English
Published New York Springer US 01.04.2021
Springer Nature B.V
Summary: Control-Flow Integrity (CFI) is a class of defensive techniques against control-flow attacks such as Return-Oriented Programming. We propose a light-weight CFI scheme for RTOS-based applications, TZmCFI, which utilizes TrustZone for Armv8-M, a hardware-assisted security feature for embedded systems with tight resource constraints. TZmCFI embodies several existing CFI techniques to provide a comprehensive protection. The traditional shadow stack technique is used to ensure stack integrity and validate function returns. To protect exception handlers, TZmCFI extends shadow exception stacks, which are a variant of the traditional shadow stack technique we proposed in our previous work, for RTOS integration and performance improvement. We conducted an experiment on Arm Versatile Express Cortex-M Prototyping System (V2M-MPS2+) to evaluate the run-time overhead of the proposed system.
ISSN:0885-7458
1573-7640
DOI:10.1007/s10766-020-00673-z