For more than two decades, memory safety violations and control-flow integrity attacks have been a prominent threat to the security of computer systems. Unlike conventional systems, which receive regular updates, application-constrained devices typically run monolithic firmware that may not be updated in the lifetime of the device after being deployed in the field. Hence, the need for protections against memory corruption becomes even more prominent. In this letter, we survey memory safety in the context of embedded processors and describe different attacks that can subvert the legitimate control flow, with a special focus on return-oriented programming. Based on common attack trends, we formulate the anatomy of typical memory corruption attacks and discuss powerful mitigation techniques that have been reported in the literature.
- buffer overflows
- control-flow integrity protections
- memory safety violations
- return oriented programming (ROP)
ASJC Scopus subject areas
- Control and Systems Engineering
- Computer Science (all)