This article addresses the challenges of memory safety in life-critical medical devices. Since the last decade, healthcare manufacturers have embraced the Internet of Things, pushing technological innovations to increase market share. Medical devices, including the most critical ones, tend to be increasingly connected to the Internet. Unfortunately, as critical devices often rely on unsafe programming languages such as C, they are no exception to memory safety issues. Given a memory vulnerability, a skillful attacker can take over a system and perform remote code execution. Combined with the fact that medical devices directly impact the safety of their users, a security vulnerability can lead to disastrous scenarios. To address this issue, this article presents TrustFlow-X, a novel hardware/software co-designed framework that provides efficient fine-grained control-flow integrity protection against memory-based attacks. The TrustFlow-X framework is composed of an LLVM-based compiler toolchain that generates a secure code. This secure code is then executed on an extended RISC-V processor that keeps track of sensitive data using a trusted memory. The obtained results show that the contribution is practical, providing a high level of trust in life-critical embedded systems.

中文翻译：

---

信任流-X

本文解决了生命攸关的医疗设备中内存安全的挑战。自过去十年以来，医疗保健制造商已经接受了物联网，推动技术创新以增加市场份额。医疗设备，包括最关键的设备，往往越来越多地连接到互联网。不幸的是，由于关键设备通常依赖于诸如 C 之类的不安全编程语言，因此它们在内存安全问题上也不例外。鉴于内存漏洞，熟练的攻击者可以接管系统并执行远程代码执行。再加上医疗设备直接影响其用户的安全这一事实，安全漏洞可能导致灾难性的场景。为了解决这个问题，本文介绍了 TrustFlow-X，一种新颖的硬件/软件共同设计的框架，可针对基于内存的攻击提供有效的细粒度控制流完整性保护。TrustFlow-X 框架由基于 LLVM 的编译器工具链组成，可生成安全代码。然后，此安全代码在扩展的 RISC-V 处理器上执行，该处理器使用受信任的内存跟踪敏感数据。获得的结果表明，该贡献是实用的，为生命攸关的嵌入式系统提供了高度的信任。