Asymmetric Verification for Control-flow Integrity in Multicore Embedded Systems

Marco Meloni

Rel. Paolo Ernesto Prinetto. Politecnico di Torino, Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering), 2021

PDF (Tesi_di_laurea) - Thesis
License: Creative Commons Attribution Non-commercial No Derivatives.

Download (2MB)

Embedded systems play an increasingly central role in modern society, thanks to the spread of the Internet of Things (IoT) and the use of smart control systems in the automotive and aeronautical domains. Their use in mission-critical or safety-critical systems makes them attractive targets for attackers. Nowadays, several of these are mixed-criticality systems, meaning that they run both high-criticality tasks (e.g., a car control system) and low-criticality ones (e.g., infotainment). High-criticality routines often employ Real-Time Operating Systems (RTOS) to enforce hard real-time requirements, while tasks with looser constraints can be delegated to more generic operating systems. At present, security solutions for real-time embedded systems are not as mature as those for general-purpose systems, which often rely on assumptions that do not hold in the embedded domain. Control-Flow Integrity (CFI) is a powerful security technique that protects against many kinds of binary attacks, such as Arbitrary Code Execution (ACE) like Return-Oriented Programming (ROP). Through static analysis of the application, a Control-Flow Graph (CFG) is created, describing all the allowed branches and their valid targets. At runtime, control-flow transfers are checked against the graph and any deviation is stopped. The aim of this thesis is to investigate the application of CFI in the RTOS domain, first surveying what is currently under experimentation in the embedded world, and then identifying the critical issues that remain unsolved. Finally, the thesis proposes a possible solution for multicore systems running mixed-criticality tasks. By using an embedded hypervisor, predefined cores can be dedicated exclusively to high- or low-criticality tasks. This way, the complete CFI monitoring is offloaded to the lower-criticality core, which makes it possible to implement a solid defense for high-criticality tasks without compromising their tight deadlines.
In this proposal, the high-criticality core sends a request for CFI verification, along with the necessary information, whenever a vulnerable operation is about to happen, and stops the task only if a violation is detected. The work also presents theoretical results about a possible implementation for ARM platforms running a minimal RTOS, along with the computation of the estimated performance penalties.
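The asymmetric scheme described above, as an added single-process simulation that is not code from the thesis: the high-criticality side emits a request before each indirect call or return, and the verifier on the low-criticality side checks indirect calls against a statically built CFG and returns against a shadow stack (the shadow stack, the message format, and all addresses are constructed assumptions, not the thesis's design).

```c
// Added illustration of asymmetric CFI verification; not code from the thesis.
// The request format, the CFG edges, the addresses and the use of a shadow
// stack for returns are all constructed for this example.
#include <stdbool.h>
#include <stdint.h>
#include <stddef.h>

typedef enum { CFI_CALL, CFI_RET } cfi_kind_t;

// Request sent by the high-criticality core before a vulnerable transfer.
// CALL carries (site, target, return address); RET carries the address the
// task is about to return to. Constructed format.
typedef struct { cfi_kind_t kind; uint32_t site, target, ret_addr; } cfi_request_t;

// One allowed indirect-call edge of the statically built CFG (constructed).
typedef struct { uint32_t site, target; } cfg_edge_t;
static const cfg_edge_t k_cfg[] = {
    {0x08001000u, 0x08002000u}, {0x08001000u, 0x08002400u},
    {0x08001800u, 0x08003000u},
};

// Verifier state kept on the low-criticality core: a shadow stack of the
// return addresses the protected task is expected to come back to.
#define SHADOW_DEPTH 16
static uint32_t shadow[SHADOW_DEPTH];
static size_t shadow_top;

static bool edge_allowed(uint32_t site, uint32_t target) {
    for (size_t i = 0; i < sizeof k_cfg / sizeof k_cfg[0]; i++)
        if (k_cfg[i].site == site && k_cfg[i].target == target) return true;
    return false;
}

// Returns true if the transfer may proceed, false if the task must be stopped.
bool cfi_verify(const cfi_request_t *req) {
    switch (req->kind) {
    case CFI_CALL:
        if (!edge_allowed(req->site, req->target) || shadow_top == SHADOW_DEPTH)
            return false;                        // target not in CFG, or overflow
        shadow[shadow_top++] = req->ret_addr;    // remember the expected return
        return true;
    case CFI_RET:
        if (shadow_top == 0) return false;       // return with no matching call
        return shadow[--shadow_top] == req->ret_addr;  // ROP-style mismatch fails
    }
    return false;
}

void cfi_reset(void) { shadow_top = 0; }        // start of a fresh task run
```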

Supervisor: Paolo Ernesto Prinetto
Academic year: 2021/22
Publication type: Electronic
Number of Pages: 65
Degree programme: Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering)
Degree class: New organization > Master science > LM-32 - COMPUTER SYSTEMS ENGINEERING
Collaborating companies: UNSPECIFIED
URI: http://webthesis.biblio.polito.it/id/eprint/20590