Overview
Memory corruption vulnerabilities have been around for decades and while the general purpose world has seen an arms race develop around exploit mitigations which has driven up the complexity and cost of exploit development, this is not the case in the embedded world. This is particularly evident in the real-time operating systems (RTOS) running on the most constrained embedded systems. Not only do these RTOSes lack any sort of modern exploit mitigations but they are faced with a myriad of unique challenges and constraints adversely affecting their adoption.
This is all the more worrisome given that they are used in some of the most critical systems (such as avionics, automotive, military or ICS equipment) and they are becoming ever more ubiquitous with the rise of the so-called 'Internet of Things'.In this research we will present an overview of the current state of RTOS exploit mitigations, outline some of the challenges faced in developing and adopting exploit mitigations for RTOSes and discuss some solutions and promising research directions for raising the bar in embedded memory corruption exploitation.
22-08-2017
Academic paper
NSS SECIOE
17-06-2019
Academic paper
EuroS&P
All items