Computer Software
Print ISSN : 0289-6540
Design and Implementation of RTOS-Aware Control-Flow Integrity Mechanism for Microcontroller-Based Systems
KAWADA Tomoaki, HONDA Shinya, MATSUBARA Yutaka, TAKADA Hiroaki
Journal, free access

2022, Volume 39, Issue 2, pp. 2_39-2_68

Abstract

CFI (Control-Flow Integrity) is a class of defensive techniques against control-flow attacks such as Return-Oriented Programming. We propose a lightweight CFI scheme for RTOS-based applications, TZmCFI, which utilizes TrustZone for Armv8-M, a hardware-assisted security feature for embedded systems with tight resource constraints. TZmCFI embodies several existing CFI techniques to provide a self-contained toolset for building an instrumented application. The toolset consists of a modified LLVM-based compiler and a runtime library called Monitor. The modified LLVM code generator implements the traditional shadow stack technique by inserting calls to Monitor. To protect exception handlers, Monitor replaces an application's exception vector table and wraps interrupt handlers with exception trampolines, which implement variations of the shadow exception stack technique we proposed in our previous work. The performance evaluation on NXP Semiconductors LPC55S69 indicated a -7–35% increase in the execution times of FreeRTOS+MPU system calls and a 9.36% runtime overhead on CoreMark.

© 2022, Japan Society for Software Science and Technology