EILID: Execution Integrity for Low-end IoT Devices
Sashidhar Jakkamsetti, Youngil Kim, Andrew Searles, Gene Tsudik

TL;DR
EILID is a hybrid architecture that actively monitors control-flow violations on low-end IoT devices, providing real-time execution integrity by combining prevention and detection techniques.
Contribution
The paper introduces EILID, a novel hybrid system that ensures runtime control-flow integrity on low-end IoT devices using semi-automatic code instrumentation and a secure shadow stack.
Findings
Achieves fine-grained backward-edge CFI.
Provides function-level forward-edge CFI.
Ensures real-time control-flow monitoring.
Abstract
Prior research yielded many techniques to mitigate software compromise for low-end Internet of Things (IoT) devices. Some of them detect software modifications via remote attestation and similar services, while others preventatively ensure software (static) integrity. However, achieving run-time (dynamic) security, e.g., control-flow integrity (CFI), remains a challenge. Control-flow attestation (CFA) is one approach that minimizes the burden on devices. However, CFA is not a real-time countermeasure against run-time attacks since it requires communication with a verifying entity. This poses significant risks if safety- or time-critical tasks have memory vulnerabilities. To address this issue, we construct EILID - a hybrid architecture that ensures software execution integrity by actively monitoring control-flow violations on low-end devices. EILID is built atop CASU, a…
Taxonomy
Topics: IoT and Edge/Fog Computing · Distributed systems and fault tolerance · Radiation Effects in Electronics
