AVRAND: A software-based defense against code reuse attacks for AVR embedded devices

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 9721, Issue , 2016, Pages 58-77

  Pastrana, Sergio ^a   Tapiador, Juan ^a   Suarez Tangil, Guillermo ^b   Peris López, Pedro ^a  

^a UNIVERSIDAD CARLOS III DE MADRID   (Spain)

^b UNIVERSITY OF LONDON   (United Kingdom)

Author keywords

AVR; Code reuse attacks; Embedded devices; Internet of things; Memory randomization; Return Oriented Programming

Indexed keywords

CODES (SYMBOLS); COMPUTER CRIME; COMPUTER SOFTWARE REUSABILITY; FIRMWARE; INTERNET OF THINGS; MALWARE;

AVR MICROCONTROLLERS; CODE REUSE; CONTROL-FLOW INTEGRITIES; EMBEDDED DEVICE; EXPLOITATION TECHNIQUES; HARVARD ARCHITECTURES; RANDOM PERMUTATIONS; RETURN-ORIENTED PROGRAMMING;

SECURITY OF DATA;

EID: 84979224033     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-319-40667-1_4     Document Type: Conference Paper

References (27)

1. Anderson, W.: Entropy library documentation. Google Code Projects (2012)
2. Atmel, C.: Avr109: Self programming (2004). atmel.com/images/doc1644.pdf
3. Atmel, C.: Automotive compilation (2012). http://www.atmel.com/Images/atmelautocompilation vol9 oct2012.pdf
4. Backes, M., Nürnberger, S.: Oxymoron: making fine-grained memory randomization practical by allowing code sharing. In: USENIX Security Symposium (2014)
5. Bhatkar, S., DuVarney, D.C., Sekar, R.: Address obfuscation: an efficient approach to combat a broad range of memory error exploits. In: USENIX Security (2003)
6. Braden, K., Crane, S., Davi, L., Franz, M., Larsen, P., Liebchen, C., Sadeghi, A.R.: Leakage-resilient layout randomization for mobile devices. In: Network and Distributed Systems Security Symposium (NDSS) (2016)
7. Carlini, N., Wagner, D.: Rop is still dangerous: breaking modern defenses. In: USENIX Security Symposium (2014)
8. Cowan, C., Wagle, P., Pu, C., Beattie, S., Walpole, J.: Buffer overflows: attacks and defenses for the vulnerability of the decade. In: DARPA Information Survivability Conference and Exposition, 2000, DISCEX 2000, vol. 2, pp. 119–129. IEEE (2000)
9. Crane, S., Liebchen, C., Homescu, A., Davi, L., Larsen, P., Sadeghi, A.R., Brunthaler, S., Franz, M.: Readactor: practical code randomization resilient to memory disclosure. In: IEEE Symposium on Security and Privacy, S&P, vol. 15 (2015)
10. Davi, L., Liebchen, C., Sadeghi, A.R., Snow, K.Z., Monrose, F.: Isomeron: code randomization resilient to (just-in-time) return-oriented programming. In: Proceedings of the 22nd Network and Distributed Systems Security Symposium (NDSS) (2015)
11. Dean, B.S.: Avr downloader/uploader (2003). http://www.nongnu.org/avrdude/. Accessed Jan 2016
12. Francillon, A., Castelluccia, C.: Code injection attacks on harvard-architecture devices. In: Proceedings of the 15th ACM Conference on Computer and Communications Security, pp. 15–26. ACM (2008)
13. Francillon, A., Perito, D., Castelluccia, C.: Defending embedded systems against control flow attacks. In: Proceedings of the First ACM Workshop on Secure Execution of Untrusted Code, pp. 19–26. ACM (2009)
14. Gu, Q., Noorani, R.: Towards self-propagate mal-packets in sensor networks. In: Proceedings of the ACM Conference on Wireless Network Security, pp. 172–182. ACM (2008)
15. Habibi, J., Gupta, A., Carlsony, S., Panicker, A., Bertino, E.: MAVR: code reuse stealthy attacks and mitigation on unmanned aerial vehicles. In: Distributed Computing Systems (ICDCS), pp. 642–652. IEEE (2015)
16. Intel, C.: Hexadecimal object file format specification (1988)
17. Mohan, V., Hamlen, K.W.: Frankenstein: stitching malware from benign binaries. In: 6th USENIX Workshop on Offensive Technologies. USENIX (2012)
18. Mohan, V., Larsen, P., Brunthaler, S., Hamlen, K., Franz, M.: Opaque controlflow integrity. In: Network and Distributed Systems Security Symposium (NDSS) (2015)
19. GNU Project: Avr libc home page (1999). http://www.nongnu.org/avr-libc/. Accessed Jan 2016
20. Roemer, R., Buchanan, E., Shacham, H., Savage, S.: Return-oriented programming: systems, languages, and applications. ACM Trans. Inf. Syst. Secur. (TISSEC) 15(1), 2 (2012)
21. Sadeghi, A.R., Wachsmann, C., Waidner, M.: Security and privacy challenges in industrial internet of things. In: Annual Design Automation Conference. ACM (2015)
22. Schuster, F., Tendyck, T., Pewny, J., Maaß, A., Steegmanns, M., Contag, M., Holz, T.: Evaluating the effectiveness of current Anti-ROP defenses. In: Stavrou, A., Bos, H., Portokalidis, G. (eds.) RAID 2014. LNCS, vol. 8688, pp. 88–108. Springer, Heidelberg (2014)
23. Snow, K.Z., Monrose, F., Davi, L., Dmitrienko, A., Liebchen, C., Sadeghi, A.R.: Just-in-time code reuse: on the effectiveness of fine-grained address space layout randomization. In: Security and Privacy (SP), pp. 574–588 (2013)
24. Szekeres, L., Payer, M., Wei, T., Song, D.: SoK: eternal war in memory. In: 2013 IEEE Symposium on Security and Privacy (SP), pp. 48–62. IEEE (2013)
25. Tang, A., Sethumadhavan, S., Stolfo, S.: Heisenbyte: thwarting memory disclosure attacks using destructive code reads. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 256–267. ACM (2015)
26. Trevennor, A.: Practical AVR Microcontrollers: Games, Gadgets, and Home Automation with the Microcontroller Used in the Arduino. Apress, USA (2012)
27. Wojtczuk, R.: The advanced return-into-lib (c) exploits: Pax case study. Phrack Magazine, vol. 0x0b, Issue 0x3a, Phile# 0x04 of 0x0e (2001)