Tiny-CFA: A Minimalistic Approach for Control-Flow Attestation Using Verified Proofs of Execution

by   Ivan De Oliveira Nunes, et al.

The design of tiny trust anchors has received significant attention over the past decade, to secure low-end MCU-s that cannot afford expensive security mechanisms. In particular, hardware/software (hybrid) co-designs offer low hardware cost, while retaining similar security guarantees as (more expensive) hardware-based techniques. Hybrid trust anchors support security services, such as remote attestation, proofs of software update/erasure/reset, proofs of remote software execution, in resource-constrained MCU-s, e.g., MSP430 and AVR AtMega32. Despite these advances, detection of control-flow attacks in low-end MCU-s remains a challenge, since hardware requirements of the cheapest related architectures are often more expensive than the MCU-s themselves. In this work, we tackle this challenge by designing Tiny-CFA - a control-flow attestation (CFA) technique with a single hardware requirement - the ability to generate proofs of remote software execution (PoX). In turn, PoX can be implemented very efficiently and securely in low-end MCU-s. Consequently, our design achieves the lowest hardware overhead of any CFA architecture (i.e., two orders of magnitude cheaper), while relying on a formally verified PoX architecture as its sole hardware requirement. With respect to runtime overhead, Tiny-CFA also achieves better performance than prior CFA techniques based on code instrumentation. We implement and evaluate Tiny-CFA, analyze its security, and demonstrate its practicality using real-world publicly available applications.



There are no comments yet.


page 1

page 2

page 3

page 4


On the TOCTOU Problem in Remote Attestation

We propose Remote Attestation with TOCTOU Avoidance (RATA): a provably s...

GAROTA: Generalized Active Root-Of-Trust Architecture

In this paper, we set out to systematically design a minimal active RoT ...

A Verified Architecture for Proofs of Execution on Remote Devices under Full Software Compromise

Modern society is increasingly surrounded by, and accustomed to, a wide ...

VST-Flow: Fine-grained low-level reasoning about real-world C code

We show how support for information-flow security proofs could be added ...

CRC: Fully General Model of Confidential Remote Computing

Digital services have been offered through remote systems for decades. T...

Mining Secure Behavior of Hardware Designs

Specification mining offers a solution by automating security specificat...

ReCFA: Resilient Control-Flow Attestation

Recent IoT applications gradually adapt more complicated end systems wit...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.