Anatomy of Memory Corruption Attacks and Mitigations in Embedded Systems
ABSTRACT
For more than two decades, memory safety violations and control-flow integrity attacks have been a prominent threat to the security of computer systems. Contrary to regular systems that are updated regularly, application-constrained devices typically run monolithic firmware that may not be updated in the lifetime of the device after being deployed in the field. Hence, the need for protections against memory corruption becomes even more prominent. In this article, we survey memory safety in the context of embedded processors, and describe different attacks that can subvert the legitimate control flow, with a special focus on Return Oriented Programming. Based on common attack trends, we formulate the anatomy of typical memory corruption attacks and discuss powerful mitigation
techniques that have been reported in the literature.
EXISTING SYSTEM :
In several scenarios, embedded processors support monolithic applications and the executed programs are not expected to change dramatically during the lifetime of the underlying system. In this case, the embedded processors run their own firmware, which may be updated a limited number of times, or not updated at all for some constrained IoT applications. In the latter scenario outlines a threat model that motivates the use of runtime security controls against memory corruption vulnerabilities, since patching such vulnerabilities after the embedded processor has been deployed in the field may not be possible. Moreover, embedded processor firmware may be used in early boot environments that are responsible for initializing an underlying system and loading a tiny operating system.
In such scenarios, in the interest of saving memory, a frequent practice is to reuse parts of the boot code during later execution stages (after the system boots), when external inputs are also processed. Thus, embedded processors can operate under conditions that allow potential memory corruption vulnerabilities to be exploited, and this is emphasizes the need to deploy additional protection mechanisms.
PROPOSED SYSTEM :
Memory safety remains a major concern for applicationconstrained devices that are not updated after their initial deployment. The embedded processors installed in such systems may become vulnerable to memory corruption attacks that can subvert the intended control-flow and allow execution of arbitrary code. In particular, one important attack vector is return oriented programming, which combines existing code sequences with injected data on the stack to execute malicious operations.
CONCLUSION
To meet rising needs and leverage new assessment modalities, robots are being utilized in rehabilitation as therapeutic and assessment tools. Their measurement of joint and task space movement hinges on two assumptions. First, it is typically assumed that the human and robot joints are aligned, and second, wearing the exoskeleton does not significantly impact movement. For multi-articular joints such as the wrist, validating these assumptions are not trivial. To investigate the validity of these assumptions, we conducted three experiments. First, we evaluated the accuracy of kinematic joint measurement compared to anatomic joint measurements. For the tested pointing task, the kinematic measures were comparable to accepted goniometry despite limitations caused by movement
relative to the device and the variable (between subjects) and changing (within subjects) anatomic joint axes orientation. Kinematic measurements also preserved movement smoothness characteristics key to many robotic assessments.To investigated the second assumption, we conducted two experiments comparing movement with to movement without the robot. The second experiment identified effects of device inertia on wrist movement smoothness, and recommended the
use of inertially isotropic wrist devices, with assessment not along robot joints, but rather of coordinated movements of both the human and robot joints. The last experiment examined the interaction between exoskeletons and hand-wrist motor
coordination, and showed that familiar coordinations were perturbed for healthy individuals, but unfamiliar movements were not significantly impacted by the presence of a robotic assessment device.
We hypothesize that these unfamiliar tasks constitute the bulk of movements made by individuals with neuromuscular motor impairment. Therefore, we conclude that the kinematic data from robotic wrist exoskeletons reliably represent human movement and preserves smoothness characteristics. Stemming from these results, we propose design guidelines for exoskeletons as measurement devices.