Paper title
The Lazarus Effect: Healing Compromised Devices in the Internet of Small Things
Paper authors
Paper abstract
We live in a time when billions of IoT devices are being deployed and increasingly relied upon. This makes ensuring their availability and recoverability in case of a compromise a paramount goal. The large and rapidly growing number of deployed IoT devices makes manual recovery impractical, especially if the devices are dispersed over a large area. Thus, there is a need for a reliable and scalable remote recovery mechanism that works even after attackers have taken full control over devices, possibly misusing them or trying to render them useless. To tackle this problem, we present Lazarus, a system that enables the remote recovery of compromised IoT devices. With Lazarus, an IoT administrator can remotely control the code running on IoT devices unconditionally and within a guaranteed time bound. This makes recovery possible even in case of severe corruption of the devices' software stack. We impose only minimal hardware requirements, making Lazarus applicable even for low-end constrained off-the-shelf IoT devices. We isolate Lazarus's minimal recovery trusted computing base from untrusted software both in time and by using a trusted execution environment. The temporal isolation prevents secrets from being leaked through side-channels to untrusted software. Inside the trusted execution environment, we place minimal functionality that constrains untrusted software at runtime. We implement Lazarus on an ARM Cortex-M33-based microcontroller in a full setup with an IoT hub, device provisioning and secure update functionality. Our prototype can recover compromised embedded OSs and bare-metal applications and prevents attackers from bricking devices, for example, through flash wear-out. We show this using the example of FreeRTOS, which requires no modifications but only a single additional task. Our evaluation shows negligible runtime performance impact and moderate memory requirements.