InvisiGuard: Data Integrity for Microcontroller-Based Devices via Hardware-Triggered Write Monitoring

Dongliang Fang, Anni Peng, Le Guan, Erik van der Kouwe, Klaus von Gleissenthal, Wenwen Wang, Yuqing Zhang, Limin Sun

Research output: Contribution to JournalArticleAcademicpeer-review

Abstract

Deeply embedded devices powered by microcontrollers are widely deployed. To protect them from exploitation, many lightweight defense mechanisms, such as control flow integrity, have been proposed. However, these defenses cannot provide data integrity—a security property of particular interest in mission-critical tasks. Conversely, existing defenses that provide data integrity are too expensive to deploy in the resourceconstrained context of deeply embedded devices. In this paper, we propose InvisiGuard, a hardware-assisted, low overhead approach for data integrity. InvisiGuard leverages data watchpoints—a commonly available debug feature on microcontrollers—to automatically intercept write operations to critical variables. InvisiGuard then checks the legitimacy of the write instruction against an allowlist stored in a trusted execution environment (e.g., ARM
TrustZone-M). By relying on the hardware to automatically intercept potentially dangerous instructions, InvisiGuard avoids heavy code instrumentation, as required by traditional solutions,
making it suitable for resource-constrained microcontroller devices.
We have implemented InvisiGuard on an ARM Cortex-M based development board and evaluated it with seven realworld firmware samples. Our experiments show that InvisiGuard reduces the runtime overhead by 56.99% and memory overhead by 77.37% compared with state of the art.
Original languageEnglish
Pages (from-to)343-358
Number of pages16
JournalIEEE Transactions on Dependable and Secure Computing
Volume22
Issue number1
Early online date9 May 2024
DOIs
Publication statusE-pub ahead of print - 9 May 2024

Fingerprint

Dive into the research topics of 'InvisiGuard: Data Integrity for Microcontroller-Based Devices via Hardware-Triggered Write Monitoring'. Together they form a unique fingerprint.

Cite this