The BINtegrity Project

Practical and Efficient Exploit Mitigation for Embedded Devices

Embedded devices are everywhere: From WiFi routers and smart TVs to industrial controls, these systems influence every aspect of our daily lives. Modern embedded devices are built using common hardware such as RISC-based ARM and MIPS platforms, and open software components such as Linux. Today, memory corruption attacks against embedded systems are similar to such attacks against personal computers. Unlike desktop environments, though, embedded systems do not have the protection mechanisms that have been introduced to the desktop and server world, and hence, even simple attacks may be effective.

In this paper, we present BINtegrity, a novel approach for exploit mitigation that is specifically tailored towards embedded systems that are based on the common RISC architecture. BINtegrity leverages architectural features of RISC CPUs to extract a combination of static and dynamic properties relevant to OS service requests from executables, and enforces them during runtime. Our technique borrows ideas from several areas including control flow integrity, system call monitoring, static analysis, and code emulation, and combines them in a low-overhead fashion directly in the operating system kernel.

We implemented BINtegrity for the Linux operating system. BINtegrity is practical, and restricts the ability of attackers to exploit generic memory corruption vulnerabilities in COTS binaries. In contrast to other approaches, BINtegrity does not require access to source code, binary modification, or application specific configuration such as policies. Our evaluation demonstrates that BINtegrity incurs a very low overhead -- only 2%, -- and shows that our approach is practical against both code injection and code reuse attacks.