RIPEMB: A framework for assessing hardware-assisted software security schemes in embedded systems

Abstract

Memory corruption bugs remain one of the biggest threats to software security. The increasing complexity of SoCs and prevalence of connected embedded devices require larger software support packages that inevitably contain more bugs. Unfortunately, as of now, hardware-assisted security measures are not widely available in smaller embedded devices based on MCUs. Even if they are, vendors might configure them inadequately and validating the correct behavior of such important features is advisable. In this paper, we present RIPEMB, an open-source software package for validating hardware-assisted protection mechanisms such as memory protection units (MPUs), control flow integrity (CFI) enforcement, code pointer integrity (CPI), data flow tracking etc. It works as a self-contained embedded application performing up to almost 3000 different attacks based on memory corruption. While it contains some target-specific components, it is easy to port to new environments and can be used during development of new security schemes and in validation alike. We evaluate the applicability on two instruction set architectures (ISAs) (ARM and RISC-V), four hardware platforms, two C runtime environments, and a total of 8 different hardware defenses.