Good Motive but Bad Design: Pitfalls in MPU Usage in Embedded Systems in the Wild

As more and more microcontroller-based embedded devices are connected to the Internet, as part of the Internet-of-Things (IoT), previously less tested (and insecure) devices are exposed to miscreants. To prevent them from being compromised, the memory protection unit (MPU), which is readily available on many of these devices, has the potential to enable many defenses. We comprehensively studied the MPU adoption in top operating systems for microcontrollers. Specifically, we investigated whether MPU is supported, how it is used, and whether …

adoption bad compromised design devices embedded embedded systems enable exposed insecure internet iot memory memory protection microcontrollers operating systems protection security systems things