The proliferation of the Internet of Things (IoT) is bringing new levels of connectivity and automation to embedded systems. This connectivity has great potential to improve our lives, but it has also exposed embedded systems to network-based attacks on an unprecedented scale. Attacks against IoT devices have already unleashed massive Denial of Service attacks, invalidated traffic tickets, taken control of vehicles, and facilitated robbing hotel rooms. Embedded devices face a wide variety of attacks similar to those faced by always-connected server-class systems. However, the security controls available on such devices today hark back to the state of security in server-class devices a few decades ago.
Our position is that their security must become a first-class concern. We focus on a particularly vulnerable and constrained subclass of embedded systems: bare-metal systems. They execute a single statically linked binary image providing both the (operating) system functionality and application logic without privilege separation between the two. Bare-metal systems are not an exotic platform: they are often found as part of larger systems, e.g., smart phones delegate control over the lower protocol layers of WiFi and Bluetooth to a dedicated bare-metal System on a Chip (SoC).
To improve the security state of bare-metal systems, we develop a technique, called privilege overlaying, wherein operations requiring privileged execution are identified and only these operations execute in privileged mode [S&P-17]. This brings the principle of least privilege to the embedded world. It provides the foundation on which we develop protections for code integrity, against control-flow hijacking, and for sensitive IO. We develop an LLVM-based compiler that automatically infers and enforces inter-component isolation on bare-metal systems [UsenixSec-18]. We conclude by presenting our benchmark suite and evaluation framework, called IoT2, for evaluating IoT-µC security [DSN-19]. IoT2 enables automatic evaluation of metrics covering security, performance, memory, and energy consumption.