Kage is a real-time operating system that guarantees return address integrity and control flow integrity for embedded ARMv7-M devices. Kage uses a parallel shadow stack for protecting return addresses because this design allows for simple instrumentation and consequently low runtime performance overhead. However, Kage's parallel design incurs a large memory penalty to the device's RAM section. Embedded devices face tighter constraints on memory usage, so memory efficiency becomes a major concern. To address this challenge, we propose two novel shadow stack designs: the interleaved shadow stack design and the shared shadow stack design. These designs offer similar runtime performance compared to the parallel shadow stack design with significantly higher memory efficiency. For instance, we observed an up to 71.43% improvement to stack usage over the parallel design when running the Coremark benchmark suite.

Creator

• Smith, Avery

Contributors

• Shue, Craig A.
• Walls, Robert Joseph
• Criswell, John

Degree

• MS

Unit

• Computer Science

Publisher

• Worcester Polytechnic Institute

Identifier

• etd-105716

Keyword

• Shadow Stacks
• Real-Time Operating System
• Cybersecurity
• Embedded Device
• Memory Safety

Advisor

• Criswell, John
• Walls, Robert Joseph

Committee

• Shue, Craig

Defense date

• 2023-04-24

Year

• 2023

Date created

• 2023-04-27

Resource type

• Thesis

Source

• etd-105716

Rights statement

• In Copyright

Last modified

• 2023-11-06