Visible to the public HARM: Hardware-Assisted Continuous Re-randomization for Microcontrollers

TitleHARM: Hardware-Assisted Continuous Re-randomization for Microcontrollers
Publication TypeConference Paper
Year of Publication2022
AuthorsShi, Jiameng, Guan, Le, Li, Wenqiang, Zhang, Dayou, Chen, Ping, Zhang, Ning
Conference Name2022 IEEE 7th European Symposium on Security and Privacy (EuroS&P)
Date Publishedjun
Keywordscode reuse attack, codes, composability, Embedded systems, human factors, microcontroller security, microcontrollers, Proposals, Prototypes, pubcrawl, Randomization, Resiliency, rop attacks, Runtime environment, Scalability, security, TrustZone
AbstractMicrocontroller-based embedded systems have become ubiquitous with the emergence of IoT technology. Given its critical roles in many applications, its security is becoming increasingly important. Unfortunately, MCU devices are especially vulnerable. Code reuse attacks are particularly noteworthy since the memory address of firmware code is static. This work seeks to combat code reuse attacks, including ROP and more advanced JIT-ROP via continuous randomization. Previous proposals are geared towards full-fledged OSs with rich runtime environments, and therefore cannot be applied to MCUs. We propose the first solution for ARM-based MCUs. Our system, named HARM, comprises a secure runtime and a binary analysis tool with rewriting module. The secure runtime, protected inside the secure world, proactively triggers and performs non-bypassable randomization to the firmware running in a sandbox in the normal world. Our system does not rely on any firmware feature, and therefore is generally applicable to both bare-metal and RTOS-powered firmware. We have implemented a prototype on a development board. Our evaluation results indicate that HARM can effectively thaw code reuse attacks while keeping the performance and energy overhead low.
Citation Keyshi_harm_2022