Title | Real-Time Control-Flow Integrity for Multicore Mixed-Criticality IoT Systems |
Publication Type | Conference Paper |
Year of Publication | 2022 |
Authors | Eftekhari Moghadam, Vahid, Prinetto, Paolo, Roascio, Gianluca |
Conference Name | 2022 IEEE European Test Symposium (ETS) |
Keywords | composability, control systems, control-flow integrity, human factors, Internet of Things, IoT, JOP, Multicore processing, Operating systems, pubcrawl, Real-time Systems, Resiliency, return-oriented programming, ROP, rop attacks, Scalability, security, Software, software security, Timing, Virtual machine monitors |
Abstract | The spread of the Internet of Things (IoT) and the use of smart control systems in many mission-critical or safety-critical application domains, such as automotive or aeronautical, make these devices attractive targets for attackers. Nowadays, many of them are mixed-criticality systems, i.e., they run both high-criticality tasks (e.g., a car control system) and low-criticality ones (e.g., infotainment). High-criticality routines often employ Real-Time Operating Systems (RTOS) to enforce hard real-time requirements, while tasks with looser constraints can be delegated to more general-purpose operating systems (GPOS). Much of the control code for these devices is written in memory-unsafe languages such as C and C++. This makes them susceptible to powerful binary attacks, such as the well-known Return-Oriented Programming (ROP). Control-Flow Integrity (CFI) is the most investigated security technique for protecting against such threats. At present, CFI solutions for real-time embedded systems are not as mature as those for general-purpose systems, and, moreover, there is a lack of in-depth studies on how different operating systems with different security requirements and timing constraints can coexist on a single multicore platform. This paper aims at drawing attention to the subject, discussing the current scientific proposals, and in turn proposing a solution for an optimized asymmetric verification system for execution integrity. By using an embedded hypervisor, predefined cores can be dedicated to only high- or low-criticality tasks, with the high-priority core being monitored by the lower-criticality core, relying on offline binary instrumentation and a lightweight exchange of information and signals at runtime. The work also presents preliminary results about a possible implementation for multicore ARM platforms, running both an RTOS and a GPOS, both in terms of security and performance penalties. |
DOI | 10.1109/ETS54262.2022.9810441 |
Citation Key | eftekhari_moghadam_real-time_2022 |