Procrastinating CFI for Hard Real-Time Systems
Time: Tuesday, December 7th, 6:00pm - 7:00pm PST
Location: Level 2 - Lobby
Description: Connected embedded systems are prone to external attacks. Control-flow integrity (CFI) techniques prevent attackers from redirecting program control flow by checking control-flow transfers. Currently, CFI techniques for embedded systems operate in line with code execution, which forces them to use simple operations to keep overhead acceptable. We exploit the predictability of real-time systems to model forward-edge CFI as separate tasks that can be executed out-of-order, enabled by an in-line control-flow logging mechanism that guarantees scheduler integrity and protects the backward edge. Simulations and microbenchmarks indicate that our approach allows significant deadline relaxation, effectively increasing usable processor capacity, while maintaining in-line overhead comparable to existing work.