Samuel Weiser (Graz University of Technology), Mario Werner (Graz University of Technology), Ferdinand Brasser (Technische Universität Darmstadt), Maja Malenko (Graz University of Technology), Stefan Mangard (Graz University of Technology), Ahmad-Reza Sadeghi (Technische Universität Darmstadt)

Embedded computing devices are used on a large scale in the emerging internet of things (IoT). However, their wide deployment raises the incentive for attackers to target these devices, as demonstrated by several recent attacks. As IoT devices are built for long service life, means are required to protect sensitive code in the presence of potential vulnerabilities, which might be discovered long after deployment. Tagged memory has been proposed as a mechanism to enforce various fine-grained security policies at runtime. However, none of the existing tagged memory schemes provides efficient and flexible compartmentalization in terms of isolated execution environments.

We present TIMBER-V, a new tagged memory architecture featuring flexible and efficient isolation of code and data on small embedded systems. We overcome several limitations of previous schemes. We augment tag isolation with a memory protection unit to isolate individual processes, while maintaining low memory overhead. TIMBER-V significantly reduces the problem of memory fragmentation, and improves dynamic reuse of untrusted memory across security boundaries. TIMBER-V enables novel sharing of execution stacks across different security domains, in addition to interleaved heaps. TIMBER-V is compatible to existing code, supports real-time constraints and is open source. We show the efficiency of TIMBER-V by evaluating our proof-of-concept implementation on the RISC-V simulator.

View More Papers

Don't Trust The Locals: Investigating the Prevalence of Persistent...

Marius Steffens (CISPA Helmholtz Center for Information Security), Christian Rossow (CISPA Helmholtz Center for Information Security), Martin Johns (TU Braunschweig), Ben Stock (CISPA Helmholtz Center for Information Security)

Read More

Measuring the Facebook Advertising Ecosystem

Athanasios Andreou (EURECOM), Márcio Silva (UFMG), Fabrício Benevenuto (UFMG), Oana Goga (Univ. Grenoble Alpes, CNRS, Grenoble INP, LIG), Patrick Loiseau (Univ. Grenoble Alpes, CNRS, Inria, Grenoble INP, LIG & MPI-SWS), Alan Mislove (Northeastern University)

Read More

SABRE: Protecting Bitcoin against Routing Attacks

Maria Apostolaki (ETH Zurich), Gian Marti (ETH Zurich), Jan Müller (ETH Zurich), Laurent Vanbever (ETH Zurich)

Read More

Analyzing Semantic Correctness with Symbolic Execution: A Case Study...

Sze Yiu Chau (Purdue University), Moosa Yahyazadeh (The University of Iowa), Omar Chowdhury (The University of Iowa), Aniket Kate (Purdue University), Ninghui Li (Purdue University)

Read More