ORSHIN Attack Defense Framework

Arbitrary code execution

Description

Arbitrary code execution

CWE

CVE

Attack Surfaces

Bootloader (MITRE EMB3D PID-21)

Non-Volatile Memory (MITRE EMB3D PID-3122)

Attack Vectors

Buffer Manipulation (MITRE EMB3D TID-327)

Buffer Manipulation (MITRE EMB3D TID-327)

Pointer Manipulation (MITRE EMB3D TID-327)

Firmware Verification (MITRE EMB3D TID-213)

NVM Tampering

Defenses

Proper memory management, ASLR, Input validation, Bounds checking, Non-executable stack, Canaries

Code analysis, Manual, Static, Dynamic

Secure Boot Verification, Secure Boot, Code Signing, Secure Boot Keys

Firmware Integrity Checks, Integrity Verification, Digital Signatures, Hash Functions