Abstract: One of the challenges in securing Internet of Things (IoT) devices is preserving control flow integrity (CFI) against return-oriented programming (ROP) attacks. Traditional defense mechanisms, while effective, often require substantial changes to the compiler, which limits their applicability across a broad range of devices. To overcome this challenge, we present the Parity Shadow Stack, a novel, compact shadow stack mechanism that leverages dynamic instrumentation and binary rewriting to achieve effects similar to those of compiler-based methods. Further, this method does not require application source code and can work with legacy applications where only the binary is available. Finally, we demonstrate that it is more flexible, as it provides a programming interface for adding additional security semantics checks. Through our evaluations, we find that our method introduces a remarkably low overhead, less than 10 percent for medium-size or large-size applications. Therefore, we conclude that it provides a robust and practical defense against ROP attacks without requiring source code, compiler changes, or any specialized hardware.