Compiler-based defense against code-reuse attacks on embedded ARM systems.


Microcontroller-based embedded systems are increasingly used for applications that can have serious and immediate consequences if compromised—including automobile control systems, smart locks, drones, and implantable medical devices. Due to resource and execution-time constraints, C is the primary language used for programming these devices. Unfortunately, C is neither type-safe nor memory-safe, and control-flow hijacking remains a prevalent threat. This paper presents Silhouette: a compiler-based defense that efficiently guarantees the integrity of return addresses, significantly reducing the attack surface for control-flow hijacking.



Silhouette is a compiler-based defense against code-reuse attacks on embedded ARM systems that run a single bare-metal application. It guarantees the integrity of all application return addresses and also provides coarse-grained forward-edge control flow integrity. Silhouette combines an incorruptible shadow stack for return addresses with checks on forward control flow and memory protection to ensure that all functions return to the correct dynamic caller. To protect its shadow stack, Silhouette uses store hardening, an efficient intra-address space isolation technique targeting various ARM architectures that leverages special store instructions found on ARM processors


The software can be accessed here:


URV Reference Number: 1-20108
Patent Information:
Computer Software
For Information, Contact:
Curtis Broadbent
Licensing Manager
University of Rochester
John Criswell
Jie Zhou
Zhuojia Shen
Yufei Du
Lele Ma
Robert Walls