Log-Based Control Flow Attestation for Embedded Devices
Pages 117 - 132
Abstract
Remote attestation is a very important mechanism helping a trusted party to get the status of a remote embedded device. Most remote attestation schemes aim at checking the code integrity and leave devices vulnerable to runtime attacks. Recently a new kind of attestation called control flow attestation has been proposed to get rid of this limitation. However, previous studies on control flow attestation cannot verify the attestation result efficiently and lack secure storage.
In this paper, we present a log-based attestation scheme that not only can attest the control flow path of programs on embedded devices but also can verify the attestation result very efficiently. We use a lightweight root of trust in our attestation. We implement our system on Hikey board using ARM TrustZone security extension. We evaluate the performance using a popular embedded device benchmark Mibench and demonstrate that our scheme has a high security assurance and a good performance.
References
[1]
Eldefrawy, K., Tsudik, G., Francillon, A., Perito, D.: SMART: secure and minimal architecture for (establishing dynamic) root of trust. In: NDSS, vol. 12, pp. 1–15 (2012)
[2]
Koeberl, P., Schulz, S., Sadeghi, A.-R., Varadharajan, V.: TrustLite: a security architecture for tiny embedded devices. In: Proceedings of the Ninth European Conference on Computer Systems, EuroSys 2014, pp. 10:1–10:14. ACM, New York (2014)
[3]
Buchanan, E., Roemer, R., Shacham, H., Savage, S.: When good instructions go bad: generalizing return-oriented programming to RISC. In: Proceedings of the 15th ACM Conference on Computer and Communications Security, pp. 27–38. ACM (2008)
[4]
Bletsch, T., Jiang, X., Freeh, V.W., Liang, Z.: Jump-oriented programming: a new class of code-reuse attack. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2011, pp. 30–40. ACM, New York (2011)
[5]
Abadi, M., Budiu, M., Erlingsson, Ú., Ligatti, J.: Control-flow integrity. In: Proceedings of the 12th ACM Conference on Computer and Communications Security, CCS 2005, pp. 340–353. ACM, New York (2005)
[6]
Kuznetsov, V., Szekeres, L., Payer, M., Candea, G., Sekar, R., Song, D.: Code-pointer integrity. In: Proceedings of the 11th USENIX Conference on Operating Systems Design and Implementation, OSDI 2014, pp. 147–163. USENIX Association, Berkeley (2014)
[7]
Abera, T., et al.: C-FLAT: control-flow attestation for embedded systems software. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS 2016, pp. 743–754. ACM, New York (2016)
[8]
Dessouky, G., et al.: Lo-fat: low-overhead control flow attestation in hardware. In: Proceedings of the 54th Annual Design Automation Conference 2017, DAC 2017, pp. 24:1–24:6. ACM, New York (2017)
[9]
Pappu R, Recht B, Taylor J, and Gershenfeld N Physical one-way functions Science 2002 297 5589 2026-2030
[10]
ARM Information Center, 11 July 2017. http://infocenter.arm.com/help/index.jsp
[11]
OP-TEE Trusted OS. https://github.com/OP-TEE/optee_os
[12]
Qualcomm Security Platform. https://www.qualcomm.com/solutions/mobile-computing/features/security
[13]
Linnartz J-P and Tuyls P Kittler J and Nixon MS New shielding functions to enhance privacy and prevent misuse of biometric templates Audio- and Video-Based Biometric Person Authentication 2003 Heidelberg Springer 393-402
[14]
Zhao, S., Zhang, Q., Hu, G., Qin, Y., Feng, D.: Providing root of trust for ARM TrustZone using on-chip SRAM. In: Proceedings of the 4th International Workshop on Trustworthy Embedded Devices, TrustED 2014, pp. 25–36. ACM, New York (2014)
[15]
Machiry, A., et al.: Boomerang: exploiting the semantic gap in trusted execution environments (2017)
[16]
Data Execution Prevention. https://msdn.microsoft.com/zh-cn/library/aa366553(vs.85).aspx
Index Terms
- Log-Based Control Flow Attestation for Embedded Devices
Index terms have been assigned to the content through auto-classification.
Recommendations
RealSWATT: Remote Software-based Attestation for Embedded Devices under Realtime Constraints
CCS '21: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications SecuritySmart factories, critical infrastructures, and medical devices largely rely on embedded systems that need to satisfy realtime constraints to complete crucial tasks. Recent studies and reports have revealed that many of these devices suffer from crucial ...
C-FLAT: Control-Flow Attestation for Embedded Systems Software
CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications SecurityRemote attestation is a crucial security service particularly relevant to increasingly popular IoT (and other embedded) devices. It allows a trusted party (verifier) to learn the state of a remote, and potentially malware-infected, device (prover). Most ...
Credibility Attestation of Property Remote Attestation Method
FITME '09: Proceedings of the 2009 Second International Conference on Future Information Technology and Management EngineeringDuring the realizing process of remote attestation, except for using trusted computing technology to protect physical security, storage security and operation security of certifier, cipher mechanism need to be combined to ensure the credibility of ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
Dec 2019
612 pages
© Springer Nature Switzerland AG 2019.
Publisher
Springer-Verlag
Berlin, Heidelberg
Publication History
Published: 01 December 2019
Author Tags
Qualifiers
- Article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 30 Sep 2024
Other Metrics
Citations
View Options
View options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in