TY - JOUR
T1 - Anatomy of Memory Corruption Attacks and Mitigations in Embedded Systems
AU - Tsoutsos, Nektarios Georgios
AU - Maniatakos, Michail
N1 - Funding Information:
Manuscript received April 21, 2018; accepted April 21, 2018. Date of publication April 23, 2018; date of current version September 7, 2018. The Embedded Security Challenge was funded by the National Science Foundation under Grant 1513130. This manuscript was recommended for publication by S. Parameswaran. (Corresponding author: Nektarios Georgios Tsoutsos.) The authors are with the Division of Engineering, New York University Abu Dhabi, Abu Dhabi 129188, UAE (e-mail: [email protected]; [email protected]).
Publisher Copyright:
© 2018 IEEE.
PY - 2018/9
Y1 - 2018/9
N2 - For more than two decades, memory safety violations and control-flow integrity attacks have been a prominent threat to the security of computer systems. Contrary to regular systems that are updated regularly, application-constrained devices typically run monolithic firmware that may not be updated in the lifetime of the device after being deployed in the field. Hence, the need for protections against memory corruption becomes even more prominent. In this letter, we survey memory safety in the context of embedded processors, and describe different attacks that can subvert the legitimate control flow, with a special focus on return oriented programming. Based on common attack trends, we formulate the anatomy of typical memory corruption attacks and discuss powerful mitigation techniques that have been reported in the literature.
AB - For more than two decades, memory safety violations and control-flow integrity attacks have been a prominent threat to the security of computer systems. Contrary to regular systems that are updated regularly, application-constrained devices typically run monolithic firmware that may not be updated in the lifetime of the device after being deployed in the field. Hence, the need for protections against memory corruption becomes even more prominent. In this letter, we survey memory safety in the context of embedded processors, and describe different attacks that can subvert the legitimate control flow, with a special focus on return oriented programming. Based on common attack trends, we formulate the anatomy of typical memory corruption attacks and discuss powerful mitigation techniques that have been reported in the literature.
KW - Buffer overflows
KW - control-flow integrity protections
KW - memory safety violations
KW - return oriented programming (ROP)
UR - http://www.scopus.com/inward/record.url?scp=85045988526&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85045988526&partnerID=8YFLogxK
U2 - 10.1109/LES.2018.2829777
DO - 10.1109/LES.2018.2829777
M3 - Article
AN - SCOPUS:85045988526
SN - 1943-0663
VL - 10
SP - 95
EP - 98
JO - IEEE Embedded Systems Letters
JF - IEEE Embedded Systems Letters
IS - 3
M1 - 8345581
ER -