Silhouette: Efficient Intra-Address Space Isolation for Protected Shadow Stacks on Embedded Systems

by Jie Zhou, et al.

Embedded systems are increasingly deployed in devices that can have physical consequences if compromised by an attacker - including automobile control systems, smart locks, drones, and implantable medical devices. Due to resource and execution-time constraints, C is the primary programming language for writing both operating systems and bare-metal applications on these devices. Unfortunately, C is neither memory safe nor type safe. In this paper, we present an efficient intra-address space isolation technique for embedded ARM processors that leverages unprivileged store instructions. Using a compiler transformation, dubbed store promotion, which transforms regular stores into unprivileged equivalents, we can restrict a subset of the program's memory accesses to unprivileged memory while simultaneously allowing security instrumentation to access security-critical data structures (e.g., a shadow stack) - all without the need for expensive context switching. Using store promotion, we built Silhouette: a software defense that mitigates control-flow hijacking attacks using a combination of hardware configuration, runtime instrumentation, and code transformation. Silhouette enforces Control-Flow Integrity and provides an incorruptible shadow stack for return addresses. We implemented Silhouette on an ARMv7-M board, and our evaluation shows that Silhouette incurs an arithmetic mean of 9.23% and 16.93% […] alternative implementation of Silhouette, which incurs just 2.54% and 5.40% […]
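The isolation argument in the abstract, as an added C model that is not code from the paper or its implementation: ordinary program stores are promoted to the unprivileged STRT form and so fault when they target the privileged-only shadow-stack region, while the prologue/epilogue instrumentation keeps using privileged STR. The word-addressed RAM layout, the region boundary and every address value are constructed for the illustration and are not the paper's.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed word-addressed RAM: [0, SHADOW_BASE) is unprivileged program memory
 * (stack, heap, globals); [SHADOW_BASE, RAM_WORDS) is the privileged-only shadow
 * stack region that the MPU protects from unprivileged accesses. */
enum { RAM_WORDS = 64, SHADOW_BASE = 48 };
static uint32_t ram[RAM_WORDS];
static size_t shadow_sp = SHADOW_BASE;           /* next free shadow-stack slot */
/* The two store flavours Silhouette relies on: STR (privileged) is reserved for the
 * shadow-stack instrumentation; ordinary program stores are promoted to STRT. */
typedef enum { STR_PRIV, STRT_UNPRIV } store_kind;

/* Model of the MPU check: returns false where real hardware raises MemManage. */
static bool do_store(store_kind k, size_t addr, uint32_t val) {
    if (addr >= RAM_WORDS) return false;
    if (k == STRT_UNPRIV && addr >= SHADOW_BASE) return false;
    ram[addr] = val;
    return true;
}

/* Prologue: save the return address on the shadow stack with a privileged STR. */
static bool shadow_push(uint32_t ret_addr) {
    return shadow_sp < RAM_WORDS && do_store(STR_PRIV, shadow_sp++, ret_addr);
}

/* Epilogue: the return address on the program stack must match the shadow copy. */
static bool shadow_pop_matches(uint32_t ret_on_stack) {
    return shadow_sp > SHADOW_BASE && ram[--shadow_sp] == ret_on_stack;
}

/* Promoted program stores cannot reach the shadow stack, but instrumentation can. */
bool promoted_store_is_isolated(void) {
    bool blocked = !do_store(STRT_UNPRIV, SHADOW_BASE, 0xDEADBEEF);
    bool allowed = do_store(STR_PRIV, SHADOW_BASE, 0x08000101);
    return blocked && allowed;
}

/* A return address corrupted in unprivileged memory is caught at function return. */
bool hijacked_return_is_detected(void) {
    const size_t ret_slot = 10;                  /* constructed stack slot holding LR */
    const uint32_t legit = 0x08000101, corrupt = 0x20001000;
    shadow_sp = SHADOW_BASE;
    shadow_push(legit);
    do_store(STRT_UNPRIV, ret_slot, legit);      /* normal spill of LR to the stack */
    do_store(STRT_UNPRIV, ret_slot, corrupt);    /* buggy out-of-bounds write clobbers it */
    return !shadow_pop_matches(ram[ret_slot]);   /* mismatch: the return is rejected */
}
```

Both checks return true: the promoted store to the shadow region is refused while the privileged one succeeds, and the clobbered return address fails the epilogue comparison.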


