| Title | A Probability Prediction Based Mutable Control-Flow Attestation Scheme on Embedded Platforms |
| Publication Type | Conference Paper |
| Year of Publication | 2019 |
| Authors | Hu, Jianxing, Huo, Dongdong, Wang, Meilin, Wang, Yazhe, Zhang, Yan, Li, Yu |
| Conference Name | 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE) |
| Keywords | ARM TrustZone, attestation, coarse-grained check, coarse-grained control-flow attestation schemes, composability, Control Flow Attestation, control-flow attacks, control-flow security, costly fine-grained level, Embedded Platform Security, Embedded Software, Embedded systems, execution-profiling CFG, execution-profiling control-flow graph, fine-grained remote control-flow attestation, Human Behavior, machine learning, MGC-FA, mutable control-flow attestation scheme, mutable granularity control-flow attestation, Mutable Granularity Scheme, operating systems (computers), Predictive models, Probabilistic logic, probability, pubcrawl, Raspberry Pi, remote attestation, remote control-flow attestation scheme, Resiliency, Runtime, security, security of data, software integrity |
| Abstract | Control-flow attacks cause powerful threats to the software integrity. Remote attestation for control flow is a crucial security service for ensuring the software integrity on embedded platforms. The fine-grained remote control-flow attestation with execution-profiling Control-Flow Graph (CFG) is applied to defend against control-flow attacks. It is a safe scheme but it may influence the runtime efficiency. In fact, we find out only the vulnerable parts of a program need being attested at costly fine-grained level to ensure the security, and the remaining normal parts just need a lightweight coarse-grained check to reduce the overhead. We propose Mutable Granularity Control-Flow Attestation (MGC-FA) scheme, which bases on a probabilistic model, to distinguish between the vulnerable and normal parts in the program and combine fine-grained and coarse-grained control-flow attestation schemes. MGC-FA employs the execution-profiling CFG to apply the remote control-flow attestation scheme on embedded devices. MGC-FA is implemented on Raspberry Pi with ARM TrustZone and the experimental results show its effect on balancing the relationship between runtime efficiency and control-flow security. |
| DOI | 10.1109/TrustCom/BigDataSE.2019.00077 |
| Citation Key | hu_probability_2019 |
A Probability Prediction Based Mutable Control-Flow Attestation Scheme on Embedded Platforms