@inproceedings{1126,
  author = {Robert Walls and Nicholas Brown and Thomas Le Baron and Craig Shue and Hamed Okhravi and Bryan Ward},
  editor = {Sophie Quinton},
  title = {Control-Flow Integrity for Real-Time Embedded Systems},
  abstract = {<p><span>Attacks on real-time embedded systems can endanger lives and critical infrastructure. Despite this, techniques for securing embedded systems software have not been widely studied. Many existing security techniques for general-purpose computers rely on assumptions that do not hold in the embedded case. This paper focuses on one such technique, control-flow integrity (CFI), that has been vetted as an effective countermeasure against control-flow hijacking attacks on general-purpose computing systems. Without the process isolation and fine-grained memory protections provided by a general-purpose computer with a rich operating system, CFI cannot provide any security guarantees. This work proposes RECFISH, a system for providing CFI guarantees on ARM Cortex-R devices running minimal real-time operating systems. We provide techniques for protecting runtime structures, isolating processes, and instrumenting compiled ARM binaries with CFI protection. We empirically evaluate RECFISH and its performance implications for real-time systems. Our results suggest RECFISH can be directly applied to binaries without compromising real-time performance; in a test of over six million realistic task systems running FreeRTOS, 85% were still schedulable after adding RECFISH.</span></p>},
  year = {2019},
  journal = {31st Euromicro Conference on Real-Time Systems},
  volume = {133},
  pages = {1-2},
  month = {07/2019},
  publisher = {Schloss Dagstuhl &mdash; Leibniz-Zentrum für Informatik},
  address = {Dagstuhl, Germany},
  issn = {1868-8969},
  isbn = {978-3-95977-110-8},
  url = {https://drops.dagstuhl.de/entities/document/10.4230/LIPIcs.ECRTS.2019.2},
  doi = {10.4230/LIPIcs.ECRTS.2019.2},
}