Visible to the public Tiny-CFA: Minimalistic Control-Flow Attestation Using Verified Proofs of Execution

Submitted by aekwall on Tue, 01/25/2022 - 3:49pm
TitleTiny-CFA: Minimalistic Control-Flow Attestation Using Verified Proofs of Execution
Publication TypeConference Paper
Year of Publication2021
AuthorsDe Oliveira Nunes, Ivan, Jakkamsetti, Sashidhar, Tsudik, Gene
Conference Name2021 Design, Automation Test in Europe Conference Exhibition (DATE)
Keywordsattestation, composability, Computer architecture, Hardware, Human Behavior, Instruments, pubcrawl, Resiliency, Runtime, security, Software
AbstractThe design of tiny trust anchors attracted much attention over the past decade, to secure low-end MCU-s that cannot afford more expensive security mechanisms. In particular, hardware/software (hybrid) co-designs offer low hardware cost, while retaining similar security guarantees as (more expensive) hardware-based techniques. Hybrid trust anchors support security services (such as remote attestation, proofs of software update/erasure/reset, and proofs of remote software execution) in resource-constrained MCU-s, e.g., MSP430 and AVR AtMega32. Despite these advances, detection of control-flow attacks in low-end MCU-s remains a challenge, since hardware requirements for the cheapest mitigation techniques are often more expensive than the MCU-s themselves. In this work, we tackle this challenge by designing Tiny-CFA - a Control-Flow Attestation (CFA) technique with a single hardware requirement - the ability to generate proofs of remote software execution (PoX). In turn, PoX can be implemented very efficiently and securely in low-end MCU-s. Consequently, our design achieves the lowest hardware overhead of any CFA technique, while relying on a formally verified PoX as its sole hardware requirement. With respect to runtime overhead, Tiny-CFA also achieves better performance than prior CFA techniques based on code instrumentation. We implement and evaluate Tiny-CFA, analyze its security, and demonstrate its practicality using real-world publicly available applications.
DOI10.23919/DATE51398.2021.9474029
Citation Keyde_oliveira_nunes_tiny-cfa_2021
Groups: