Code Tamper-Proofing Using Return Oriented Programming in IoT Devices

Abstract

An application running on the Internet of Things (IoT) device is vulnerable to code reuse attacks, which makes control flow highjacking relatively easy. Control Flow Integrity (CFI) is widely known to make code tampering harder. Available CFI solutions mostly work for x86 (Intel architecture), but most of the IoT devices use the ARM architecture. This paper presents a novel control-flow obfuscation technique for IoT devices, especially for the ARM architecture. This paper uses Return Oriented Programming (ROP), used for code reuse attacks, to prevent control flow in IoT devices. The proposed method is a selfcontained code integrity verification approach that protects control flow by ROP gadgets and implicitly verifies integrity by “U-probe”. © 2022, The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.