Challenges in Designing Exploit Mitigations for Deeply Embedded Systems

TL;DR

This paper investigates the challenges of implementing exploit mitigations in embedded systems, highlighting their lag behind general-purpose systems and proposing {}Armor, a practical security enhancement.

Contribution

It provides the first quantitative analysis of exploit mitigation adoption in embedded OSes and introduces {}Armor to improve security without significant overhead.

Findings

Embedded systems significantly lag in exploit mitigation adoption.

{}Armor effectively raises the security bar with minimal performance impact.

The study highlights critical gaps and proposes practical solutions.

Abstract

Memory corruption vulnerabilities have been around for decades and rank among the most prevalent vulnerabilities in embedded systems. Yet this constrained environment poses unique design and implementation challenges that significantly complicate the adoption of common hardening techniques. Combined with the irregular and involved nature of embedded patch management, this results in prolonged vulnerability exposure windows and vulnerabilities that are relatively easy to exploit. Considering the sensitive and critical nature of many embedded systems, this situation merits significant improvement. In this work, we present the first quantitative study of exploit mitigation adoption in 42 embedded operating systems, showing the embedded world to significantly lag behind the general-purpose world. To improve the security of deeply embedded systems, we subsequently present {\mu}Armor, an approach to address some of the key gaps identified in our quantitative analysis. {\mu}Armor raises the bar for exploitation of embedded memory corruption vulnerabilities, while being adoptable on the short term without incurring prohibitive extra performance or storage costs.