The final security problem in IOT: Don’t count on the canary!

Title: The final security problem in IOT: Don’t count on the canary!
Publication Type: Conference Paper
Year of Publication: 2022
Authors: Zhou, Qian; Dai, Hua; Liu, Liang; Shi, Kai; Chen, Jie; Jiang, Hong
Conference Name: 2022 7th IEEE International Conference on Data Science in Cyberspace (DSC)
Keywords: anomaly detection, buffer overflow, CFI, composability, Cyberspace, Data Science, encoding, human factors, Layout, Programming, pubcrawl, Resiliency, Resists, ROP, rop attacks, Scalability, Software
Abstract: Memory-based vulnerabilities are becoming more and more common in low-power and low-cost devices in IOT. We study several low-level vulnerabilities that lead to memory corruption in C and C++ programs, and how to use stack corruption and format string attack to exploit these vulnerabilities. Automatic methods for resisting memory attacks, such as stack canary and address space layout randomization (ASLR), are studied. These methods do not need to change the source program. However, a return-oriented programming (ROP) technology can bypass them. Control flow integrity (CFI) can resist the destruction of ROP technology. In fact, the security design is holistic. Finally, we summarize the rules of security coding in embedded devices, and propose two novel methods of software anomaly detection process for IOT devices in the future.
DOI: 10.1109/DSC55868.2022.00090
Citation Key: zhou_final_2022