CR | May 29, 2020

Fast Execute-Only Memory for Embedded Systems

arXiv:2006.00076v3 | 1 citation
Originality: Highly original
AI Analysis

The paper addresses security vulnerabilities in embedded systems, offering a practical solution with minimal overhead.

The paper tackles the problem of remote code disclosure attacks in embedded systems by presenting PicoXOM, a fast execute-only memory system for ARM devices, which achieves an average performance overhead of 0.33% and code size overhead of 5.89%.

Remote code disclosure attacks threaten embedded systems as they allow attackers to steal intellectual property or to find reusable code for use in control-flow hijacking attacks. Execute-only memory (XOM) prevents remote code disclosures, but existing XOM solutions either require a memory management unit that is not available on ARM embedded systems or incur significant overhead. We present PicoXOM: a fast and novel XOM system for ARMv7-M and ARMv8-M devices which leverages ARM's Data Watchpoint and Tracing unit along with the processor's simplified memory protection hardware. On average, PicoXOM incurs 0.33% performance overhead and 5.89% code size overhead on two benchmark suites and five real-world applications.
