TrustFlow-X: A Practical Framework for Fine-grained Control-flow Integrity in Critical Systems

Cyril Bresch, David Hély, Roman Lysecky, Stéphanie Chollet, Ioannis Parissis

Research output: Contribution to journalArticlepeer-review

Abstract

This article addresses the challenges of memory safety in life-critical medical devices. Since the last decade, healthcare manufacturers have embraced the Internet of Things, pushing technological innovations to increase market share. Medical devices, including the most critical ones, tend to be increasingly connected to the Internet. Unfortunately, as critical devices often rely on unsafe programming languages such as C, they are no exception to memory safety issues. Given a memory vulnerability, a skillful attacker can take over a system and perform remote code execution. Combined with the fact that medical devices directly impact the safety of their users, a security vulnerability can lead to disastrous scenarios. To address this issue, this article presents TrustFlow-X, a novel hardware/software co-designed framework that provides efficient fine-grained control-flow integrity protection against memory-based attacks. The TrustFlow-X framework is composed of an LLVM-based compiler toolchain that generates a secure code. This secure code is then executed on an extended RISC-V processor that keeps track of sensitive data using a trusted memory. The obtained results show that the contribution is practical, providing a high level of trust in life-critical embedded systems.

Original languageEnglish (US)
Article number3398327
JournalACM Transactions on Embedded Computing Systems
Volume19
Issue number5
DOIs
StatePublished - Nov 2020

Keywords

  • Memory safety
  • compiler
  • control-flow integrity
  • processor architecture

ASJC Scopus subject areas

  • Software
  • Hardware and Architecture

Fingerprint

Dive into the research topics of 'TrustFlow-X: A Practical Framework for Fine-grained Control-flow Integrity in Critical Systems'. Together they form a unique fingerprint.

Cite this