Fast Execute-Only Memory for Embedded Systems
Zhuojia Shen, Komail Dharsee, John Criswell

TL;DR
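PicoXOM is an execute-only memory (XOM) system for ARMv7-M and ARMv8-M embedded devices. It prevents remote code disclosure with minimal performance and code size overhead by using ARM's Data Watchpoint and Tracing unit together with the processor's simplified memory protection hardware.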
Contribution
The paper introduces PicoXOM, a fast and efficient XOM solution for ARMv7-M and ARMv8-M that leverages existing hardware features to reduce overhead.
Findings
Average 0.33% performance overhead
Average 5.89% code size overhead
Effective protection against remote code disclosure
Abstract
Remote code disclosure attacks threaten embedded systems as they allow attackers to steal intellectual property or to find reusable code for use in control-flow hijacking attacks. Execute-only memory (XOM) prevents remote code disclosures, but existing XOM solutions either require a memory management unit that is not available on ARM embedded systems or incur significant overhead. We present PicoXOM: a fast and novel XOM system for ARMv7-M and ARMv8-M devices which leverages ARM's Data Watchpoint and Tracing unit along with the processor's simplified memory protection hardware. On average, PicoXOM incurs 0.33% performance overhead and 5.89% code size overhead on two benchmark suites and five real-world applications.
Taxonomy
Topics: Security and Verification in Computing · Advanced Malware Detection Techniques · Cloud Data Security Solutions
