FLAShadow: A Flash-based Shadow Stack for Low-end Embedded Systems

IF 3.5 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS
Michele Grisafi, M. Ammar, Marco Roveri, Bruno Crispo
Journal: ACM Transactions on Internet of Things
Publication date: 2024-07-10
Publication type: Journal Article
DOI: 10.1145/3670413 (https://doi.org/10.1145/3670413)
Citation count: 0

Abstract

Run-time attacks are a rising threat to both low- and high-end systems, with the spread of techniques like Return Oriented Programming (ROP) that aim at hijacking the control flow of vulnerable applications. Although several control flow integrity schemes have been proposed by both academia and the industry, the vast majority of them are not compatible with low-end embedded devices, especially the ones that lack hardware security features. In this paper, we propose FLAShadow, a secure shadow stack design and implementation for low-end embedded systems, relying on zero hardware security features. The key idea is to leverage a software-based memory isolation mechanism to establish an integrity-protected memory area on the Flash of the target device, where FLAShadow can be securely maintained. FLAShadow exclusively reserves a register for maintaining the integrity of the stack pointer and also depends on a minimal trusted run-time component to avoid trusting the compiler toolchain. We evaluate an open-source implementation of FLAShadow for the MSP430 architecture, showing an average performance and memory overhead of 168.58% and 25.91% respectively. While the average performance overhead is considered high, we show that it is application-dependent and incurs less than 5% for some applications.