Good Motive but Bad Design: Why ARM MPU Has Become an Outcast in Embedded Systems
share
As more and more embedded devices are connected to the Internet, leading to the emergence of Internet-of-Things (IoT), previously less tested (and insecure) devices are exposed to miscreants. To prevent them from being compromised, the memory protection unit (MPU), which is readily available on many devices, has the potential to become a free lunch for the defenders. To our surprise, the MPU is seldom used by real-world products. The reasons are multi-fold. While there are non-technical reasons such as compatibility issues, more importantly, we found that MPU brings virtually no security enhancement at the expense of decreased performance and responsiveness. In this work, we investigate the MPU adoption in major real-time operating systems (RTOSs), in particular, the FreeRTOS, and try to pinpoint the fundamental reasons to explain why MPU is not favored. We hope our findings can inspire new remedial solutions to change the situation. We also review the latest MPU design and provide technical suggestions to build more secure embedded systems.
READ FULL TEXT
