Efficient Load-Time Diversity for an Embedded Real-Time Operating System.

Cyber-physical systems (CPS) are threatened by cyber attacks just as any computing system. Even worse, due to them being embedded into the physical world, consequences can be catastrophic. The widespread use of unsafe languages and limited operating system protections makes code-reuse attacks particularly dangerous to smaller CPS. Existing effective countermeasures are either not applicable because resources are limited, or they introduce an unacceptable overhead. In this work, we propose a fine-grained load-time software diversity approach that is enabled by compile-time preparations. Its linear-time loading algorithm makes it feasible for resource-constrained CPS. We demonstrate our approach by fully diversifying an application including the real-time operating system FreeRTOS on an ARM real-time microcontroller. Our performance evaluation using the TACLe benchmark suite shows that the worst-case execution time overhead is acceptable.