Building Embedded Systems Like It's 1996

Ruotong Yu, Francesca Del Nin, Yuchen Zhang, Shan Huang, Pallavi Kaliyar, Sarah Zakto, Mauro Conti, Georgios Portokalidis, Jun Xu

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

12 Scopus citations

Abstract

Embedded devices are ubiquitous. However, preliminary evidence shows that attack mitigations protecting our desktops/servers/phones are missing in embedded devices, posing a significant threat to embedded security. To this end, this paper presents an in-depth study on the adoption of common attack mitigations on embedded devices. Precisely, it measures the presence of standard mitigations against memory corruptions in over 10k Linux-based firmware of deployed embedded devices. The study reveals that embedded devices largely omit both user-space and kernel-level attack mitigations. The adoption rates on embedded devices are multiple times lower than their desktop counterparts. An equally important observation is that the situation is not improving over time. Without changing the current practices, the attack mitigations will remain missing, which may become a bigger threat in the upcoming IoT era. Throughout follow-up analyses, we further inferred a set of factors possibly contributing to the absence of attack mitigations. The exemplary ones include massive reuse of non-protected software, lateness in upgrading outdated kernels, and restrictions imposed by automated building tools. We envision these will turn into insights towards improving the adoption of attack mitigations on embedded devices in the future.

Original languageEnglish
Title of host publication29th Annual Network and Distributed System Security Symposium, NDSS 2022
ISBN (Electronic)1891562746, 9781891562747
DOIs
StatePublished - 2022
Event29th Annual Network and Distributed System Security Symposium, NDSS 2022 - Hybrid, San Diego, United States
Duration: 24 Apr 202228 Apr 2022

Publication series

Name29th Annual Network and Distributed System Security Symposium, NDSS 2022

Conference

Conference29th Annual Network and Distributed System Security Symposium, NDSS 2022
Country/TerritoryUnited States
CityHybrid, San Diego
Period24/04/2228/04/22

Fingerprint

Dive into the research topics of 'Building Embedded Systems Like It's 1996'. Together they form a unique fingerprint.

Cite this