Skip to content
Sagan

Paper

WATSON: Leveraging Data Watchpoints for Shadow Stack Protection on Embedded Systems

Unreadunread

AI summary

This paper presents WATSON, a shadow-stack defense for embedded systems (like IoT devices) that protects against control-flow hijacking by using the hardware debug unit's data watchpoints to enforce write protection on the shadow stack. Unlike prior shadow-stack solutions for embedded systems, WATSON provides system-wide protection (including interrupts and exceptions), introduces low overhead (7.33% on BEEBS, 1.81% on CoreMark-Pro), doesn't require a trusted execution environment, and is compatible with other security mechanisms that use similar hardware features. The authors implement it on ARM Cortex-M and show it integrates with compiler-based forward-edge control-flow integrity.

Main takeaways:

  • Uses hardware data watchpoints (standard debug feature) to enforce write protection on the shadow stack, preventing control-flow hijacking on embedded systems.
  • Provides system-wide protection including interrupts and exceptions, which prior solutions miss.
  • Introduces 7.33% overhead on BEEBS and 1.81% on CoreMark-Pro benchmarks—lower than prior shadow-stack methods.
  • Doesn't depend on trusted execution environments (TEEs), making it applicable to a wider range of embedded devices.
  • Compatible with compiler-enforced forward-edge control-flow integrity and avoids conflicts with other hardware-based security mechanisms.