Computing systems, including real-time embedded systems, are becoming increasingly connected to allow for more advanced and safer operation. Such embedded systems are resource-constrained, with, for example, lower processing capabilities than general-purpose computing systems like desktops or servers. However, allowing external interfaces to such embedded systems increases their exposure to attackers. With an increase in attacks against embedded systems, ranging from home appliances to industrial control systems operating critical equipment with hard real-time requirements, it is imperative that defense mechanisms be created that explicitly consider such resource and real-time constraints. Control-flow integrity (CFI) is a family of defense mechanisms that prevent attackers from modifying the flow of execution. We survey CFI techniques, ranging from the basic to the state-of-the-art, that are built for embedded systems and real-time embedded systems, and find that there is a dearth of CFI mechanisms, especially for real-time embedded systems. We then present open challenges to the community to help drive research in this domain.