EILID: Execution Integrity for Low-end IoT Devices
Sashidhar Jakkamsetti, Youngil Kim, Andrew Searles, Gene Tsudik
TL;DR
EILID addresses the lack of real-time runtime security for low-end IoT devices by delivering a hardware-assisted, control-flow integrity solution built on CASU-derived RoT. The approach combines a code instrumenter, a trusted shadow-stack monitor, and CASU-based hardware support to achieve backward-edge and function-level forward-edge CFI with minimal overhead. Key contributions include a three-component architecture, detailed instrumentation and runtime validation mechanisms, and an open-source prototype on openMSP430 showing practical run-time performance. This work enables real-time protection against control-flow attacks on constrained devices, enhancing safety and reliability in pervasive IoT deployments.
Abstract
Prior research yielded many techniques to mitigate software compromise for low-end Internet of Things (IoT) devices. Some of them detect software modifications via remote attestation and similar services, while others preventatively ensure software (static) integrity. However, achieving run-time (dynamic) security, e.g., control-flow integrity (CFI), remains a challenge. Control-flow attestation (CFA) is one approach that minimizes the burden on devices. However, CFA is not a real-time countermeasure against run-time attacks since it requires communication with a verifying entity. This poses significant risks if safety- or time-critical tasks have memory vulnerabilities. To address this issue, we construct EILID, a hybrid architecture that ensures software execution integrity by actively monitoring control-flow violations on low-end devices. EILID is built atop CASU, a prevention-based (i.e., active) hybrid Root-of-Trust (RoT) that guarantees software immutability. EILID achieves fine-grained backward-edge and function-level forward-edge CFI via semi-automatic code instrumentation and a secure shadow stack.
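The two checks named in the abstract, a shadow stack for backward edges and a function-entry check for forward edges, can be modelled in a few lines of C. This is an added illustration, not EILID's code: the hook names, the stack depth, the 16-bit addresses and the entry table are all assumptions made for the example, and what the device does on a violation is outside this model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SS_DEPTH 8                      /* assumed shadow-stack capacity */
enum cfi_result { CFI_OK = 0, CFI_VIOLATION = 1 };

/* Models memory only the trusted monitor can write (assumption). */
static uint16_t shadow[SS_DEPTH];
static size_t ss_top;

/* Constructed table of legitimate function entry addresses. */
static const uint16_t func_entries[] = { 0xE000, 0xE040, 0xE0A2 };

void cfi_reset(void) { ss_top = 0; }

/* Hook placed before each call: record the expected return address. */
enum cfi_result cfi_on_call(uint16_t ret_addr) {
    if (ss_top == SS_DEPTH) return CFI_VIOLATION;   /* full: fail closed */
    shadow[ss_top++] = ret_addr;
    return CFI_OK;
}

/* Hook placed before each return: backward-edge check against the copy. */
enum cfi_result cfi_on_return(uint16_t ret_addr) {
    if (ss_top == 0) return CFI_VIOLATION;          /* return without call */
    return shadow[--ss_top] == ret_addr ? CFI_OK : CFI_VIOLATION;
}

/* Hook placed before each indirect call: the target must be a function
 * entry (function-level granularity), not an address inside a function. */
enum cfi_result cfi_on_indirect_call(uint16_t target) {
    for (size_t i = 0; i < sizeof func_entries / sizeof func_entries[0]; i++)
        if (func_entries[i] == target) return CFI_OK;
    return CFI_VIOLATION;
}

/* Scenario: the on-stack return address is overwritten between call and
 * return, so the value presented at return differs from the shadow copy. */
enum cfi_result demo_overwritten_return(void) {
    cfi_reset();
    cfi_on_call(0xE012);            /* legitimate return site (constructed) */
    return cfi_on_return(0xF00D);   /* corrupted value read from the stack */
}

int main(void) {
    printf("overwritten return -> %s\n",
           demo_overwritten_return() == CFI_VIOLATION ? "violation" : "ok");
    return 0;
}
```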
