Towards Transparent Control-Flow Integrity in Safety-Critical Systems
In today's networked Safety-critical Cyber-Physical Systems (CPS), the integration of multiple functions on a single hardware platform has become a necessity to meet size, weight, and power requirements. However, this increased network integration also introduces new Security threats, including remote code reuse attacks like Return-Oriented Programming (ROP). To safeguard these critical systems, an effective mechanism is required to detect and prevent code-reuse attacks.
Our whitepaper presents a groundbreaking Control-Flow Integrity (CFI) solution specifically designed for Safety-critical CPS. Unlike conventional CFI solutions, our approach does not require intrusive program instrumentation or run-time interference, making it suitable for systems with real-time constraints. We leverage ARM CoreSight to transparently enforce both forward-edge and backward-edge CFI for applications at run-time, ensuring reliable control-flow protection while guaranteeing real-time constraints.
- Safety-certifiable, separation kernel-based partitioning architecture
- Integration of CFI monitoring in Safety-critical systems
- Transparent CFI enforcement with ARM CoreSight
- Evaluation of timing impact and practical deployment considerations
In the context of mixed-critical systems, even low-critical components play a crucial role in maintaining system availability, user experience, and confidentiality. A Security vulnerability in these components can potentially compromise Safety-critical functions, highlighting the need for comprehensive security measures. We will explore our innovative CFI solution's applicability, performance evaluation, and system design considerations for deploying in Safety-critical CPS.
Gain valuable insights into protecting Safety-critical CPS with CFI and discover how our solution addresses real-time constraints while enhancing Security in modern networked systems.