# CFI CaRE: Hardware-supported Call and Return Enforcement for Commercial Microcontrollers

**Authors:** Thomas Nyman, Jan-Erik Ekberg, Lucas Davi, N. Asokan

arXiv: 1706.05715 · 2017-06-20

## TL;DR

CaRE is a hardware-supported, interrupt-aware control-flow integrity (CFI) scheme for microcontroller-based IoT devices. It uses TrustZone-M to protect the CFI metadata and defends against memory corruption attacks with acceptable performance and memory impact.

## Contribution

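This paper introduces CaRE, the first interrupt-aware CFI scheme for low-end MCUs. CaRE protects the CFI metadata using the TrustZone-M security extensions of the ARMv8-M architecture, and its binary instrumentation approach preserves the memory layout of the target MCU software, so pre-built bare-metal binaries can be protected.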

## Key findings

- CaRE effectively protects MCU software against control-flow attacks.
- CaRE imposes acceptable performance and memory overheads.
- The implementation on a Cortex-M Prototyping System demonstrates that CaRE is secure in practice.

## Abstract

With the increasing scale of deployment of Internet of Things (IoT), concerns about IoT security have become more urgent. In particular, memory corruption attacks play a predominant role as they allow remote compromise of IoT devices. Control-flow integrity (CFI) is a promising and generic defense technique against these attacks. However, given the nature of IoT deployments, existing protection mechanisms for traditional computing environments (including CFI) need to be adapted to the IoT setting. In this paper, we describe the challenges of enabling CFI on microcontroller (MCU) based IoT devices. We then present CaRE, the first interrupt-aware CFI scheme for low-end MCUs. CaRE uses a novel way of protecting the CFI metadata by leveraging TrustZone-M security extensions introduced in the ARMv8-M architecture. Its binary instrumentation approach preserves the memory layout of the target MCU software, allowing pre-built bare-metal binary code to be protected by CaRE. We describe our implementation on a Cortex-M Prototyping System and demonstrate that CaRE is secure while imposing acceptable performance and memory impact.

## Figures

5 figures with captions in the complete paper: https://tomesphere.com/paper/1706.05715/full.md

## References

53 references — full list in the complete paper: https://tomesphere.com/paper/1706.05715/full.md

---
Source: https://tomesphere.com/paper/1706.05715