IEEE Access (Jan 2022)

Efficient CFI Enforcement for Embedded Systems Using ARM TrustZone-M

  • Gisu Yeo,
  • Yeryeong Kim,
  • Suhyeon Song,
  • Donghyun Kwon

DOI
https://doi.org/10.1109/ACCESS.2022.3230791
Journal volume & issue
Vol. 10
pp. 132675 – 132684

Abstract

Embedded systems are deployed in many fields, from industrial applications to personal products. However, there are growing concerns regarding the security of these embedded systems as the number of attacks targeting them has increased. Control flow integrity (CFI) is a well-known security solution against these attacks. However, according to our analysis, existing CFI methods cannot be widely used in embedded systems for one or more of the following reasons: (1) they require special hardware features that are not available in embedded systems, (2) they require that the developer recompile the source code with their compiler toolchain, and (3) they incur considerable performance overhead to ensure CFI at runtime. In this paper, we propose CEST, a new scheme to ensure CFI on embedded systems using ARM TrustZone-M, a security extension for embedded ARM processors. For better compatibility, we designed CEST to be binary compatible. The evaluation results show that CEST can effectively enforce CFI compared to the existing studies using SVC.

Keywords