Article

TZmCFI: RTOS-Aware Control-Flow Integrity Using TrustZone for Armv8-M

Journal

INTERNATIONAL JOURNAL OF PARALLEL PROGRAMMING
Volume 49, Issue 2, Pages 216-236

Publisher

SPRINGER/PLENUM PUBLISHERS
DOI: 10.1007/s10766-020-00673-z

Keywords

Embedded systems; Control-flow attacks; Real-time operating systems; TrustZone

Control-Flow Integrity (CFI) is a defensive technique against control-flow attacks. A light-weight CFI scheme, TZmCFI, utilizing Armv8-M TrustZone, integrates various CFI techniques for comprehensive protection. Experimental evaluation on an Arm Cortex-M system shows the effectiveness of the proposed system.
Control-Flow Integrity (CFI) is a class of defensive techniques against control-flow attacks such as Return-Oriented Programming. We propose a light-weight CFI scheme for RTOS-based applications, TZmCFI, which utilizes TrustZone for Armv8-M, a hardware-assisted security feature for embedded systems with tight resource constraints. TZmCFI embodies several existing CFI techniques to provide comprehensive protection. The traditional shadow stack technique is used to ensure stack integrity and validate function returns. To protect exception handlers, TZmCFI extends shadow exception stacks, which are a variant of the traditional shadow stack technique we proposed in our previous work, for RTOS integration and performance improvement. We conducted an experiment on the Arm Versatile Express Cortex-M Prototyping System (V2M-MPS2+) to evaluate the run-time overhead of the proposed system.
