Improving Security Assurance of Embedded Systems through Systemic Dissolution of Architected Resources
Main authors: | , |
---|---|
Format: | Conference proceeding |
Language: | eng |
Subjects: | |
Summary: | Resource constraints imposed upon embedded systems make it particularly challenging to provide high levels of security assurance without degrading their performance. We present a method for increasing security assurance of embedded systems without reducing system performance. This method employs a systemic dissolution of architected resources that reduces the attack surface of embedded systems. We show that attacks which insert foreign instructions or modify existing instructions are impossible against systems hardened using this method. We further show that systems hardened using this method are difficult if not impossible to compromise using attacks that re-use existing program logic by diverting control flow, such as return-into-libc. We discuss advantages and shortcomings of this method, and describe a prototype that applies the method to programs targeted for the Intel 8051. |
---|---|
ISSN: | 1530-1605 2572-6862 |
DOI: | 10.1109/HICSS.2012.318 |