SoK: Where's the "up"?! A Comprehensive (bottom-up) Study on the Security of Arm Cortex-M Systems

Xi Tan, Zheyuan Ma, Sandro Pinto, Le Guan, Ning Zhang, Jun Xu, Zhiqiang Lin, Hongxin Hu, Ziming Zhao

TL;DR

The paper tackles the problem of fragmented Cortex-M security knowledge by providing a comprehensive systematization of hardware limitations, software vulnerabilities, and defense research. It employs a multi-layer methodology, including an adversarial model, hardware analysis, large-scale firmware collection and analysis, bug-report taxonomy, and literature review, underpinned by open data and tools. Key contributions include an empirical dataset of 1,797 Cortex-M firmware, a taxonomy of 310 CVEs across vendors and RTOSs, and a cross-layer evaluation of more than 50 defenses, culminating in actionable recommendations for researchers and MCU developers. The work advances practical understanding of Cortex-M security, highlighting the gap between theoretical isolation concepts and real-world firmware, and guiding future hardware design, secure software practices, and ecosystem collaboration.

Abstract

Arm Cortex-M processors are the most widely used 32-bit microcontrollers among embedded and Internet-of-Things devices. Despite the widespread usage, there has been little effort in summarizing their hardware security features, characterizing the limitations and vulnerabilities of their hardware and software stack, and systematizing the research on securing these systems. The goals and contributions of this paper are multi-fold. First, we analyze the hardware security limitations and issues of Cortex-M systems. Second, we conducted a deep study of the software stack designed for Cortex-M and revealed its limitations, which is accompanied by an empirical analysis of 1,797 real-world firmware. Third, we categorize the reported bugs in Cortex-M software systems. Finally, we systematize the efforts that aim at securing Cortex-M systems and evaluate them in terms of the protections they offer, runtime performance, required hardware features, etc. Based on the insights, we develop a set of recommendations for the research community and MCU software developers.

Paper Structure

This paper contains 33 sections, 3 figures, 5 tables.

Figures (3)

  • Figure 1: Overview of the organization and contributions of this paper
  • Figure 2: Identified Cortex-M software architectures in the collected dataset and in the literature. NS-UP: non-secure unprivileged, NS-P: non-secure privileged, S-UP: secure unprivileged, S-P: secure privileged.
  • Figure 3: The relationships among the systematized Cortex-M related limitations, issues, and mitigations. The connections indicate the issues a research direction attempts to address and the limitations it needs to overcome. For instance, to address the issue of no or weak privilege separation ("No or weak privilege separation"), mitigations ("Privilege separation", "Virtualization", and "Multi-world systems") have been proposed, and they overcome some limitations ("No memory virtualization", "No input-output memory management unit", and "A small number of MPU regions and limited sizes"). An interactive version of this figure can be accessed at our anonymized repo.