Automated Detection of Spatial Memory Safety Violations for Constrained Devices

Sören Tempel; Vladimir Herdt; Rolf Drechsler

In: 27th Asia and South Pacific Design Automation Conference (ASP-DAC), January 17-20, 2022.
Software written for constrained devices, commonly used in the Internet of Things (IoT), is primarily written in C and is thus subject to vulnerabilities caused by the lack of memory safety (e.g. buffer overflows). To prevent these vulnerabilities, we present a systematic approach for finding spatial memory safety violations in low-level code for constrained embedded devices. We propose implementing this approach using SystemC-based Virtual Prototypes (VPs) and illustrate an architecture for a nonintrusive integration into an existing VP. To the best of our knowledge, this approach is novel, as it is the first for finding spatial memory safety violations that addresses challenges specific to constrained devices, namely limited computing resources and the use of custom hardware peripherals. We evaluate our approach by applying it to the IoT operating system RIOT, where we discovered seven previously unknown spatial memory safety violations in the network stack of the operating system.
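As an added illustration, not code from the paper or from RIOT, the following C model shows the kind of check a VP-level detector performs on the host side: a hypothetical bounds table records each buffer, every instrumented load is checked against it before it happens, and a constructed option parser that trusts an in-packet length field shows how an over-read of the packet buffer is caught rather than silently reading adjacent memory. The table, function names and packets are assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>

/* Hypothetical bounds table standing in for the per-object metadata a
 * VP-level checker would keep; these names are assumptions, not the paper's. */
#define MAX_OBJS 8
struct obj { uintptr_t base; size_t len; };
static struct obj objs[MAX_OBJS];
static size_t nobjs;
static unsigned violations;
/* Register a buffer whose bounds the checker enforces. */
void track_alloc(const void *p, size_t len) {
    if (nobjs < MAX_OBJS) { objs[nobjs].base = (uintptr_t)p; objs[nobjs].len = len; nobjs++; }
}
/* Spatial check: [addr, addr+size) must lie wholly inside one tracked object.
 * Returns 1 when in bounds; otherwise counts a violation and returns 0. */
int check_access(uintptr_t addr, size_t size) {
    for (size_t i = 0; i < nobjs; i++)
        if (addr >= objs[i].base && addr + size <= objs[i].base + objs[i].len) return 1;
    violations++;
    return 0;
}
/* Instrumented byte load: checked before the access, the way a VP can check
 * each memory transaction. An out-of-bounds load yields 0 instead of reading. */
static uint8_t ld8(const uint8_t *base, size_t off) {
    return check_access((uintptr_t)base + off, 1) ? base[off] : 0;
}
/* Constructed parser for a [type][len][value...] option that trusts `len` from
 * the packet without comparing it to pkt_len: a spatial bug of the kind targeted above. */
size_t parse_option(const uint8_t *pkt, size_t pkt_len, uint8_t *out, size_t out_cap) {
    if (pkt_len < 2) return 0;
    size_t len = ld8(pkt, 1);
    for (size_t i = 0; i < len && i < out_cap; i++)
        out[i] = ld8(pkt, 2 + i);          /* overruns pkt when len > pkt_len - 2 */
    return len;
}
/* Parse one packet under the checker and report how many loads left its bounds. */
unsigned violations_for(const uint8_t *pkt, size_t pkt_len) {
    uint8_t out[16];
    nobjs = 0; violations = 0;
    track_alloc(pkt, pkt_len);
    parse_option(pkt, pkt_len, out, sizeof out);
    return violations;
}

/* Constructed packets: a well-formed option, and one whose length field lies. */
const uint8_t good_pkt[] = {0x01, 0x03, 0xAA, 0xBB, 0xCC};
const uint8_t bad_pkt[]  = {0x01, 0x09, 0xAA, 0xBB, 0xCC};
```

On the well-formed packet no access leaves the buffer; on the malformed one the six loads past the end of the five-byte packet are each reported, which is the signal a VP-integrated checker would raise for the firmware under test.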