uIPS: Software-Based Intrusion Prevention for Bare-metal Embedded Systems

30 May 2023


Many embedded systems are low-cost bare-metal systems where the firmware executes directly on hardware without an OS. Bare-metal systems typically lack many security primitives, including the well-known Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP), and their integrity can be compromised using a single vulnerability. Proposed defenses have not yet been deployed because they require firmware source code availability or hardware modifications. We present uIPS, the first Intrusion Prevention System (IPS) for bare-metal systems that requires no modification to the hardware and can be applied to stripped binaries without access to the source code. uIPS enforces fine-grained control-flow protection targeting both forward and backward edges. To achieve that, uIPS introduces a novel Trusted Execution Environment (TEE) to provide memory isolation at runtime while handling the hardware limitations of bare-metal systems. uIPS also provides a Remote Integrity Check (RIC) mechanism to validate the integrity of the control-flow protection policies and the TEE code, and a secure Over-The-Air (OTA) update mechanism to deploy the updated policies. We evaluate uIPS against ten representative real-world firmware images. uIPS imposes a 31% execution overhead on average on binary-instrumented firmware. uIPS reduces exposure to Return-Oriented Programming (ROP) attacks by 99%.