A Procrastinating Control-Flow Integrity Framework for Periodic Real-Time Systems

Date

2023-06-07

Publisher

ACM

Abstract

Connected embedded systems and cyber-physical systems exhibit a larger attack surface than isolated ones. Control-flow integrity (CFI) is a set of techniques that prevent attackers from redirecting program control flow and performing arbitrary computation, by detecting and checking control-flow transfers. Current CFI approaches for real-time systems either operate in-line with code execution, often depending on hardware mechanisms for improved performance and/or security guarantees, or focus solely on budget management when performing CFI out-of-order. In this work, we exploit the predictable release pattern of periodic real-time systems to create a novel CFI framework. This framework (1) consists of a novel real-time task model, which explicitly considers CFI-related execution alongside the regular portion of the tasks, and (2) presents a novel hardware-assisted trusted scheduler to enable a unique combination of out-of-order and in-line control-flow enforcement on the forward edge and backward edge, respectively, to minimize performance overhead while ensuring real-time deadlines. Our framework provides the flexibility to model arbitrary forward-edge CFI as security tasks, so that we may strategically schedule them, and provides schedulability and correctness analysis to explicitly ensure that CFI verification is always performed on time without affecting the timeliness of the real-time tasks. Simulations show that our new task model outperforms existing work in terms of resource usage, thus allowing more complex and sophisticated CFI to be implemented. We implement our approach on real hardware, and microbenchmarks confirm that our approach has in-line overhead comparable to existing work.
