CToMP: A Cycle-task-oriented Memory Protection Scheme for Unmanned Systems

TL;DR

This paper introduces CToMP, a memory protection scheme tailored for unmanned systems, effectively defending against memory corruption attacks by modeling attack mechanisms and implementing targeted countermeasures with low system overhead.

Contribution

The paper presents a novel, cycle-task-oriented memory protection approach specifically designed for unmanned systems, addressing diverse attack types with practical implementation and security analysis.

Findings

CToMP effectively defends against return2libc and return2shellcode attacks.

The scheme demonstrates low system overhead and high resilience in real unmanned system deployments.

CToMP resists ROP attacks through cycle modeling and memory randomization techniques.

Abstract

Memory corruption attacks (MCAs) refer to malicious behaviors of system intruders that modify the contents of a memory location to disrupt the normal operation of computing systems, causing leakage of sensitive data or perturbations to ongoing processes. Unlike general-purpose systems, unmanned systems cannot deploy complete security protection schemes, due to their limitations in size, cost and performance. MCAs in unmanned systems are particularly difficult to defend against. Furthermore, MCAs have diverse and unpredictable attack interfaces in unmanned systems, severely impacting digital and physical sectors. In this paper, we first generalize, model and taxonomize MCAs found in unmanned systems currently, laying the foundation for designing a portable and general defense approach. According to different attack mechanisms, we found that MCAs are mainly categorized into two types--return2libc and return2shellcode. To tackle return2libc attacks, we model the erratic operation of unmanned systems with cycles and then propose a cycle-task-oriented memory protection (CToMP) approach to protect control flows from tampering. To defend against return2shellcode attacks, we introduce a secure process stack with a randomized memory address by leveraging the memory pool to prevent Shellcode from being executed. Moreover, we discuss the mechanism by which CToMP resists the ROP attack, a novel variant of return2libc attacks. Finally, we implement CToMP on CUAV V5+ with Ardupilot and Crazyflie. The evaluation and security analysis results demonstrate that the proposed approach CToMP is resilient to various MCAs in unmanned systems with low footprints and system overhead.