English

On Runtime Software Security of TrustZone-M based IoT Devices

Cryptography and Security 2020-07-14 v1

Abstract

Internet of Things (IoT) devices have been increasingly integrated into our daily life. However, such smart devices suffer a broad attack surface. Particularly, attacks targeting the device software at runtime are challenging to defend against if IoT devices use resource-constrained microcontrollers (MCUs). TrustZone-M, a TrustZone extension for MCUs, is an emerging security technique fortifying MCU based IoT devices. This paper presents the first security analysis of potential software security issues in TrustZone-M enabled MCUs. We explore the stack-based buffer overflow (BOF) attack for code injection, return-oriented programming (ROP) attack, heap-based BOF attack, format string attack, and attacks against Non-secure Callable (NSC) functions in the context of TrustZone-M. We validate these attacks using the TrustZone-M enabled SAM L11 MCU. Strategies to mitigate these software attacks are also discussed.

Keywords

Cite

@article{arxiv.2007.05876,
  title  = {On Runtime Software Security of TrustZone-M based IoT Devices},
  author = {Lan Luo and Yue Zhang and Cliff C. Zou and Xinhui Shao and Zhen Ling and Xinwen Fu},
  journal= {arXiv preprint arXiv:2007.05876},
  year   = {2020}
}

Comments

6 pages, 3 figures

R2 v1 2026-06-23T17:02:54.744Z