Visible to the public MicroGuard: Securing Bare-Metal Microcontrollers against Code-Reuse Attacks

TitleMicroGuard: Securing Bare-Metal Microcontrollers against Code-Reuse Attacks
Publication TypeConference Paper
Year of Publication2019
AuthorsSalehi, Majid, Hughes, Danny, Crispo, Bruno
Conference Name2019 IEEE Conference on Dependable and Secure Computing (DSC)
Keywordsautomated code randomization, bare-metal micro controllers, bare-metal microcontrollers, code randomization, code-reuse attacks, Collaboration, component-level sandboxing, composability, data protection, Internet of Things, Internet of Things devices, IoT devices, microcontrollers, MicroGuard, mitigation method, policy-based governance, pubcrawl, Sandboxing, security of data, source code (software)
AbstractBare-metal microcontrollers are a family of Internet of Things (IoT) devices which are increasingly deployed in critical industrial environments. Similar to other IoT devices, bare-metal microcontrollers are vulnerable to memory corruption and code-reuse attacks. We propose MicroGuard, a novel mitigation method based on component-level sandboxing and automated code randomization to securely encapsulate application components in isolated environments. We implemented MicroGuard and evaluated its efficacy and efficiency with a real-world benchmark against different types of attacks. As our evaluation shows, MicroGuard provides better security than ACES, current state-of-the-art protection framework for bare-metal microcontrollers, with a comparable performance overhead.
Citation Keysalehi_microguard_2019