Purdue University Graduate School
Clemen19-Thesis-Deposit.pdf (1.18 MB)

Protecting Bare-metal Systems from Remote Exploitation

Download (1.18 MB)
posted on 2019-05-15, 12:53 authored by Abraham Anthony ClementsAbraham Anthony Clements
The Internet of Things is deploying large numbers of bare-metal systems that have no protection against memory corruption and control-flow hijacking attacks. These attacks have enabled unauthorized entry to hotel rooms, malicious control of unmanned aerial vehicles, and invasions of privacy. Using static and dynamic analysis these systems can utilize state-of-the-art testing techniques to identify and
prevent memory-corruption errors and employ defenses against memory corruption and control-flow hijacking attacks in bare-metal systems that match or exceed those currently employed on desktop systems. This is shown using three case studies.

(1) EPOXY which, automatically applies data execution prevention, diversity, stack defenses, and separating privileged code from unprivileged code using a novel
technique called privileged overlaying. These protections prevent code injection attacks, and reduce the number of privileged instruction to 0.06% verses an unprotected

(2) Automatic Compartments for Embedded Systems (ACES), which automatically creates compartments that enforce data integrity and code isolation within bare-metal applications. ACES enables exploring policies to best meet security and performance requirements for individual applications. Results show ACES' can form 10s of compartments within a single thread and has a 15% runtime overhead on average.

(3) HALucinator breaks the requirement for specialized hardware to perform bare-metal system testing. This enables state-of-the-art testing techniques –e.g., coverage based fuzzing – to scale with the availability of commodity computers, leading to the discovery of exploitable vulnerabilities in bare-metal systems.

Combined, these case studies advance the security of embedded system several decades and provide essential protections for today’s connected devices.


Sandia National Laboratories


Degree Type

  • Doctor of Philosophy


  • Electrical and Computer Engineering

Campus location

  • West Lafayette

Advisor/Supervisor/Committee Chair

Saurabh Bagchi

Advisor/Supervisor/Committee co-chair

Mathias Payer

Additional Committee Member 2

Shreyas Sundaram

Additional Committee Member 3

Brandon Eames