Enhancing Protection Against Code Reuse Attacks on IoT Devices by Randomizing Function Addresses

Most Internet of Things (IoT) devices currently in use are vulnerable to code reuse attacks because manufacturers typically deploy the same firmware across all devices. This uniformity enables attackers to craft a single exploit that can compromise multiple devices. To mitigate this risk, we propose a firmware diversification approach that creates multiple executable files with varying software compositions. Our approach introduces two complementary techniques: Function Address Reordering (FAR), which randomizes the order of functions within object files during compilation, and Object Address Reordering (OAR), which permutes the linking order of object files in the final executable. These techniques collectively diversify firmware instances without altering runtime behavior, making executing code reuse attacks significantly more difficult. By deploying firmware with diverse executable files, it is possible to enhance security without altering device behavior. We evaluate the effectiveness and limitations of the proposed methods when integrated into actual IoT firmware, assessing their resilience to code reuse attacks, impact on runtime behavior, and compilation overhead. Experimental results demonstrate that FAR and OAR significantly reduce the success rate of return-oriented programming attacks while incurring minimal performance overhead. This study offers a scalable, hardware-independent defense against code reuse attacks that increases resilience without a significant performance overhead, rendering it practical for widespread adoption in various IoT applications.