FH-CFI: Fine-grained hardware-assisted control flow integrity for ARM-based IoT devices

Code reuse attacks (CRAs), such as return-oriented programming (ROP) and jump-oriented programming (JOP) attacks, have become a great threat to the runtime security of ARM-based Internet of Things (IoT) devices. Attackers can utilize CRAs to hijack the control flow of programs in ARM-based IoT devices to make them perform malicious actions without injecting any codes. Control flow integrity (CFI) is an important cornerstone for the security of ARM-based IoT devices, as it enforces the correct control flow of devices and defends against CRAs. However, coarse-grained CFI schemes suffer from security issues, like key leakage and coarse-grained protection, which allows attackers to bypass their defenses. Meanwhile, fine-grained CFI schemes bring high overhead and have the multi-to-one problem. In this paper, we propose FH-CFI, a fine-grained hardware-assisted CFI scheme to help ARM-based IoT devices resist refined CRAs without leaking their encryption/decryption keys. We utilize hash-based message authentication codes to protect the return addresses from being changed, thus resisting ROP attacks without key leakage. Moreover, we encrypt instructions at target sites with the call sites' information to defeat JOP attacks in fine-grained. Additionally, we have designed a diverter to solve the multi-to-one problem that exists in fine-grained CFI schemes. Theoretical analyses demonstrate the security of our FH-CFI. Experimental evaluations on ARM-based IoT devices show that FH-CFI has greater effectiveness and stronger security than existing state-of-the-art CFI schemes, with few additional overheads.(c) 2022 Elsevier Ltd. All rights reserved.