Memory corruption attacks are a pre-dominant attack vector against IoT devices due to the wide range of programming errors and software vulnerabilities. Simply updating vulnerable IoT software is often not possible due to downtime and the need for a reboot. These side-effects are unacceptable for systems with high availability and real-time constraints.
To avoid downtime and reboot of a system, previous research has introduced the concept of hotpatching. However, the existing approaches cannot be applied IoT devices that are resource-constrained and have specific architectural limitations.
Sebastian Surminski presents a novel system that utilizes hardware- based built-in features of commodity Cortex-M microcontrollers to perform hotpatching of embedded systems, without any interruptions allowing to sustain hard real-time capability while keeping the additional resource usage to a minimum. He explains how such patches can be developed within existing development procedures and shows how in a case study different medical devices have been patched to show the general practicability.