Find in Library

Embedded systems are deployed in many fields, from industrial applications to personal products. However, there are growing concerns regarding the security of these embedded systems as the number of attacks targeting them has increased. Control flow integrity (CFI) is a well-known security solution against these attacks. However, according to our analysis, existing CFI methods cannot be widely used in embedded systems one or more of the following reasons. (1) They require special hardware features that are not available in embedded systems, (2) they require that the developer recompile the source code with their compiler toolchain and (3) they incur considerable performance overhead to ensure CFI at runtime. In this paper, we propose <monospace>CEST</monospace>, a new scheme to ensure CFI on embedded systems using ARM TrustZone-M, a security extension for embedded ARM processors. For better compatibility, we designed <monospace>CEST</monospace> to be binary compatible. The evaluation results show that <monospace>CEST</monospace> can effectively enforce CFI compared to the existing studies using SVC.