English

Shakedown: compiler-based moving target protection for Return Oriented Programing attacks on an industrial IoT device

Cryptography and Security 2018-10-12 v2

Abstract

Cybercriminals use Return Oriented Programming techniques to attack systems and IoT devices. While defenses have been developed, not all of them are applicable to constrained devices. We present Shakedown, which is a compile-time randomizing build tool which creates several versions of the binary, each with a distinct memory layout. An attack developed against one device will not work on another device which has a different memory layout. We tested Shakedown on an industrial IoT device and shown that its normal functionality remained intact while an exploit was blocked.

Keywords

Cite

@article{arxiv.1810.02090,
  title  = {Shakedown: compiler-based moving target protection for Return Oriented Programing attacks on an industrial IoT device},
  author = {Fady Copty and Francisco Hernandez and Dov Murik and Olmo Rayón},
  journal= {arXiv preprint arXiv:1810.02090},
  year   = {2018}
}

Comments

1st SMESEC Workshop - Heraklion, Greece (2018)

R2 v1 2026-06-23T04:28:09.785Z