Return-oriented programming on a resource constrained device

摘要

Microcontrollers are found in many everyday devices and will only become more prevalent as the Internet of Things (IoT) and other low power devices gain momentum. As such, it is increasingly important that they are reasonably resilient to known exploitation techniques. Modern enterprise-grade systems with virtually unlimited resources have many options when it comes to implementing state of the art intrusion prevention and detection solutions. These solutions are costly in terms of energy, execution time, circuit board area, and - of - course - money. Sustainable IoT devices and power-constrained embedded systems cannot afford such costs and are forced to make suboptimal security trade-offs. One such trade-off is the design of architectures which prevent execution of injected shell code, yet have allowed Return Oriented Programming (ROP) to emerge as a more reliable way to execute malicious code following attacks. ROP is a method used to take over the execution of a program by causing the return address of a function to be modified through an exploit vector, then returning to small segments of otherwise innocuous code located in executable memory one after the other to carry out the attacker's aims. It will be shown that the Tiva TM4C123GH6PM microcontroller, which utilizes a Cortex-M4F processor, can be fully controlled with this technique. Sufficient code is pre-loaded into a ROM on Tiva microcontrollers to erase and rewrite the flash memory where the program resides. Then, that same ROM is searched for a Turing-complete gadget set which would allow for arbitrary execution. This allows an attacker to re-purpose the microcontroller, altering the original functionality to their own malicious ends. Our results show that advanced exploitation techniques are still effective against embedded systems which prioritize energy-efficiency and that more research needs to be focused on finding the right balance of security for devices with a small energy footprint. (C) 2018 Elsevier Inc. All rights reserved.