DOI:10.1145/1455770.1455775 Code Injection Attacks on Harvard-Architecture Devices

Bibliographic Details
Title: DOI:10.1145/1455770.1455775 Code Injection Attacks on Harvard-Architecture Devices
Authors: Aurélien Francillon, Claude Castelluccia
Contributors: The Pennsylvania State University CiteSeerX Archives
Source: http://hal.archives-ouvertes.fr/docs/00/35/52/02/PDF/new.pdf.
Publication Year: 2009
Collection: CiteSeerX
Subject Terms: Categories and Subject Descriptors: D.4.6 [Operating Systems]: Security and Protection. General Terms: Experimentation, Security. Keywords: Harvard Architecture, Embedded Devices, Wireless Sensor Networks, Code Injection Attacks, Gadgets, Return Oriented Programming, Buffer Overflow, Computer Worms
Description: Harvard architecture CPU design is common in the embedded world. Examples of Harvard-based architecture devices are the Mica family of wireless sensors. Mica motes have limited memory and can process only very small packets. Stack-based buffer overflow techniques that inject code into the stack and then execute it are therefore not applicable. It has been a common belief that code injection is impossible on Harvard architectures. This paper presents a remote code injection attack for Mica sensors. We show how to exploit program vulnerabilities to permanently inject any piece of code into the program memory of an Atmel AVR-based sensor. To our knowledge, this is the first result that presents a code injection technique for such devices. Previous work only succeeded in injecting data or performing transient attacks. Injecting permanent code is more powerful since the attacker can gain full control of the target sensor. We also show that this attack can be used to inject a worm that can propagate through the wireless sensor network and possibly create a sensor botnet. Our attack combines different techniques such as return oriented programming and fake stack injection. We present implementation details and suggest some counter-measures.
Document Type: text
File Description: application/pdf
Language: English
Relation: http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.405.7586
Availability: http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.405.7586
http://hal.archives-ouvertes.fr/docs/00/35/52/02/PDF/new.pdf
Rights: Metadata may be used without restrictions as long as the oai identifier remains attached to it.
Accession Number: edsbas.C165A2C0
Database: BASE