期刊
2020 IEEE GLOBAL COMMUNICATIONS CONFERENCE (GLOBECOM)
卷 -, 期 -, 页码 -出版社
IEEE
DOI: 10.1109/GLOBECOM42002.2020.9322370
关键词
Internet of Things; microcontroller; TrustZone; software security
资金
- National Key R&D Program of China [2018YFB2100300, 2018YFB0803400, 2017YFB1003000]
- US National Science Foundation (NSF) [1931871, 1915780]
- US Department of Energy (DOE) Award [DE-EE0009152]
- National Natural Science Foundation of China [U1736203, 61877029, 61972088, 61532013]
- Jiangsu Provincial Natural Science Foundation for Excellent Young Scholars [BK20190060]
- Direct For Education and Human Resources
- Division Of Graduate Education [1915780] Funding Source: National Science Foundation
- Direct For Social, Behav & Economic Scie
- Divn Of Social and Economic Sciences [1931871] Funding Source: National Science Foundation
Internet of Things (IoT) devices have been increasingly integrated into our daily life. However, such smart devices suffer a broad attack surface. Particularly, attacks targeting the device software at runtime are challenging to defend against if IoT devices use resource-constrained microcontrollers (MCUs). TrustZone-M, a TrustZone extension for MCUs, is an emerging security technique fortifying MCU based IoT devices. This paper presents the first security analysis of potential software security issues in TrustZone-M enabled MCUs. We explore the stack-based buffer overflow (BOF) attack for code injection, return-oriented programming (ROP) attack, heap-based BOF attack, format string attack, and attacks against Non-secure Callable (NSC) functions in the context of TrustZone-M. We validate these attacks using the Microchip SAM 1.11 M(7113, which uses the ARM Cortex-M23 processor with the TrustZone-M technology. Strategies to mitigate these software attacks are also discussed.
作者
我是这篇论文的作者
点击您的名字以认领此论文并将其添加到您的个人资料中。
推荐
暂无数据