HARM: Hardware-assisted Continuous Re-randomization for Microcontrollers


Microcontroller-based embedded systems (MCUs) have become ubiquitous with the emergence of IoT technology. Given its critical roles in many applications, its security is becoming increasingly important. Unfortunately, MCU devices are especially vulnerable. Code reuse attacks are particularly noteworthy since the memory address of firmware code is static. This work seeks to combat code reuse attacks, including ROP and more advanced JIT-ROP via continuous randomization. Previous proposals are geared towards full-fledged OSs with rich runtime environments, and therefore cannot be applied to MCUs. We propose the first solution for ARM-based MCUs leveraging the ARM TrustZone extension. Our system, named HARM, comprises a secure runtime and a binary analysis tool with rewriting module. The secure runtime, protected inside the secure world, proactively triggers and performs non-bypassable randomization to the firmware running in a sandbox in the normal world. Our system does not rely on any firmware feature, and therefore is generally applicable to both baremetal and RTOS-powered firmware. We have implemented a HARM prototype on a real development board. Our evaluation results indicate that the proposed system can effectively thaw code reuse attacks while keeping the performance and energy overhead low.

2022 IEEE European Symposium on Security and Privacy (EuroS&P ‘22), to appear