Embedded security research paper using RISC OS

Reading through the proceedings of this week’s IEEE Symposium on Security and Privacy (commonly called ‘Oakland’), I was amused to discover a research paper that makes use of RISC OS as a case study:

IRQDebloat: Reducing Driver Attack Surface in Embedded Devices

Seems like RISC OS was a good stress test of their automatic driver disabling tool for embedded devices since it has lots of elderly handcrafted assembly code, which might throw off automated tools.

“This pervasive use of function pointers, nested loops, and chained handlers poses a significant challenge for automated static binary analysis.”
Not to mention people trying to get the hang of how it works!

@ Theo

Seems like RISC OS was a good stress test of their automatic driver disabling tool for embedded devices since it has lots of elderly handcrafted assembly code, which might throw off automated tools.

Indeed, however that would be “security through incompetence of cyber criminals” lol, doesn’t sound like something particoularly secure ;)

Jokes apart, yes there are few folks that are experimenting with RISC OS in the embedded devices world, but the lack of WiFi and Bluetooth support pose some serious constraints to the extent of the usefulness, while (as I have mentioned in multiple threads) there are other aspects of RISC OS that makes it a possible nice candidate.