Attacking and Protecting Constrained Embedded Systems from Control Flow Attacks

The security of low-end embedded systems became a very important topic as they are more connected and pervasive. This thesis explores software attacks in the context of embedded systems such as wireless sensor networks. These devices usually employ a micro-controller with very limited computing capabilities and memory availability, and a large variety of architectures. In the first part of this thesis we show the possibility of code injection attacks on Harvard architecture devices, which was largely believed to be infeasible. In the second part we describe attacks on existing software-based attestation techniques. These techniques are used to detect compromises of WSN Nodes. We propose a new method for software-based attestation that is immune of the vulnerabilities in previous protocols. Finally, in the last part of this thesis we present a hardware-based technique that modifies the memory layout to prevent control flow attacks, and has a very low overhead.