Real-Time Control-Flow Integrity for Multicore Mixed-Criticality IoT Systems

Title: Real-Time Control-Flow Integrity for Multicore Mixed-Criticality IoT Systems
Publication Type: Conference Paper
Year of Publication: 2022
Authors: Eftekhari Moghadam, Vahid; Prinetto, Paolo; Roascio, Gianluca
Conference Name: 2022 IEEE European Test Symposium (ETS)
Keywords: composability, control systems, control-flow integrity, human factors, Internet of Things, IoT, JOP, multicore processing, operating systems, pubcrawl, real-time systems, resiliency, return-oriented programming, ROP, ROP attacks, scalability, security, software, software security, timing, virtual machine monitors
Abstract: The spread of the Internet of Things (IoT) and the use of smart control systems in many mission-critical or safety-critical application domains, such as automotive or aeronautical, make these devices attractive targets for attackers. Nowadays, many of them are mixed-criticality systems, i.e., they run both high-criticality tasks (e.g., a car control system) and low-criticality ones (e.g., infotainment). High-criticality routines often employ Real-Time Operating Systems (RTOS) to enforce hard real-time requirements, while tasks with looser constraints can be delegated to more general-purpose operating systems (GPOS).

Much of the control code for these devices is written in memory-unsafe languages such as C and C++. This makes them susceptible to powerful binary attacks, such as the well-known Return-Oriented Programming (ROP). Control-Flow Integrity (CFI) is the most investigated security technique for protecting against such threats. At present, CFI solutions for real-time embedded systems are not as mature as those for general-purpose systems, and, more importantly, there is a lack of in-depth studies on how different operating systems with different security requirements and timing constraints can coexist on a single multicore platform.

This paper aims to draw attention to the subject, discussing the current scientific proposals and, in turn, proposing an optimized asymmetric verification system for execution integrity. By using an embedded hypervisor, predefined cores can be dedicated exclusively to high- or low-criticality tasks, with the high-priority core being monitored by the lower-criticality core, relying on offline binary instrumentation and a lightweight exchange of information and signals at runtime. The work also presents preliminary results on a possible implementation for multicore ARM platforms running both an RTOS and a GPOS, in terms of both security and performance penalties.
DOI: 10.1109/ETS54262.2022.9810441
Citation Key: eftekhari_moghadam_real-time_2022