FH-CFI: Fine-grained hardware-assisted control flow integrity for ARM-based IoT devices. Issue 116 (May 2022)
- Record Type:
- Journal Article
- Title:
- FH-CFI: Fine-grained hardware-assisted control flow integrity for ARM-based IoT devices. Issue 116 (May 2022)
- Main Title:
- FH-CFI: Fine-grained hardware-assisted control flow integrity for ARM-based IoT devices
- Authors:
- Fu, Anmin
Ding, Weijia
Kuang, Boyu
Li, Qianmu
Susilo, Willy
Zhang, Yuqing
- Abstract:
- Code reuse attacks (CRAs), such as return-oriented programming (ROP) and jump-oriented programming (JOP) attacks, have become a great threat to the runtime security of ARM-based Internet of Things (IoT) devices. Attackers can utilize CRAs to hijack the control flow of programs in ARM-based IoT devices to make them perform malicious actions without injecting any codes. Control flow integrity (CFI) is an important cornerstone for the security of ARM-based IoT devices, as it enforces the correct control flow of devices and defends against CRAs. However, coarse-grained CFI schemes suffer from security issues, like key leakage and coarse-grained protection, which allows attackers to bypass their defenses. Meanwhile, fine-grained CFI schemes bring high overhead and have the multi-to-one problem. In this paper, we propose FH-CFI, a fine-grained hardware-assisted CFI scheme to help ARM-based IoT devices resist refined CRAs without leaking their encryption/decryption keys. We utilize hash-based message authentication codes to protect the return addresses from being changed, thus resisting ROP attacks without key leakage. Moreover, we encrypt instructions at target sites with the call sites' information to defeat JOP attacks in fine-grained. Additionally, we have designed a diverter to solve the multi-to-one problem that exists in fine-grained CFI schemes. Theoretical analyses demonstrate the security of our FH-CFI. Experimental evaluations on ARM-based IoT devices show that FH-CFI has greater effectiveness and stronger security than existing state-of-the-art CFI schemes, with few additional overheads.
- Is Part Of:
- Computers & security. Issue 116(2022)
- Journal:
- Computers & security
- Issue:
- Issue 116(2022)
- Issue Display:
- Volume 116, Issue 116 (2022)
- Year:
- 2022
- Volume:
- 116
- Issue:
- 116
- Issue Sort Value:
- 2022-0116-0116-0000
- Page Start:
- Page End:
- Publication Date:
- 2022-05
- Subjects:
- Code reuse attacks (CRAs) -- Runtime security -- Control flow integrity (CFI)
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.cose.2022.102666
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 22275.xml