The document discusses a demonstration of memory protection using the Memory Protection Unit (MPU) on a Cortex-M4 processor, specifically how it can prevent the execution of malicious code. By configuring MPU regions to restrict execution permissions, any attempts to execute code from a protected area will trigger a memory management fault exception. This effectively safeguards against attacks that exploit memory access vulnerabilities.

1. 12/19/16 1
ARMv7-M
Memory Protection Unit
(MPU)
eXecution Never (XN) demo
Louie Lu
<me@louie.lu>

2. 12/19/16 2
BitSec Demo
Memory protection using MPU
Each MPU can set 8 region on
Cortex-M4
To achieve program isolation
And, can set the region to
eXecution Never (XN)

3. 12/19/16 3
BitSec Demo

4. 12/19/16 4
BitSec Demo
PC 0x08008000

5. 12/19/16 5
BitSec Demo
PC 0x08008000
If attacker put malicious code at
0x20004000, and set PC to
0x20004000

6. 12/19/16 6
BitSec Demo
Then, CPU will try to fetch
0x20004000 value as next instruction
PC 0x20004000

7. 12/19/16 7
BitSec Demo
Attack done.
PC 0x20004000

8. 12/19/16 8
BitSec Demo
But If we setting MPU region
and set region not to execute

9. 12/19/16 9
BitSec Demo
But If we setting MPU region
and set region not to execute
Base: 0x20004000, Size: 2 ** 12, Attr: 1000
Range: 0x20004000 ~ 0x20005000
MPU protect, XN is true
0x20004000
0x20005000

10. 12/19/16 10
BitSec Demo
When PC value been changed to 0x20004008
CPU try to fetch 0x20004008
as next instruction
MPU protect, XN is true
PC 0x20004008
0x20004000
0x20005000

11. 12/19/16 11
BitSec Demo
This invalid memory access will trigger MPU
then generate a
memory manage fault exception
MPU protect, XN is true
PC 0x20004008
0x20004000
0x20005000

12. 12/19/16 12
BitSec Demo
It will handle by
mem_manage_fault_handler
to avoid attack
MPU protect, XN is true
PC 0x0800605E
mem manage fault handler
0x20004000
0x20005000