Research field: Cryptography
Conference: European Symposium on Research in Computer Security
Many embedded systems are low-cost bare-metal systems where the firmware executes directly on hardware without an OS. Bare-metal systems typically lack many security primitives, including the well-known Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP), and their integrity can be compromised using a single vulnerability. Proposed defenses have not yet been deployed due to their requirements for firmware source code availability or hardware modifications. We present \(\mu\)IPS, the first Intrusion Prevention System (IPS) for bare-metal systems that requires no modification to the hardware and can be applied to stripped binaries without access to the source code. \(\mu\)IPS enforces fine-grained control-flow protection targeting both forward and backward edges. To achieve that, \(\mu\)IPS introduces a novel Trusted Execution Environment (TEE) to provide memory isolation at runtime while handling the hardware limitations of bare-metal systems. \(\mu\)IPS also provides a Remote Integrity Check (RIC) mechanism to validate the integrity of control-flow protection policies and the TEE code, and a secure Over-The-Air (OTA) update mechanism to deploy the updated policies. We evaluate \(\mu\)IPS against ten real-world representative firmware. \(\mu\)IPS imposes a \(31\%\) execution overhead on average on binary-instrumented firmware. \(\mu\)IPS reduces exposure to Return-Oriented Programming (ROP) attacks by \(99\%\).
| Publication year | 2024 |
|---|---|
| Citations | 0 |
| Publication country | Italy, Belgium |
| Site | Springer |