C-FLAT: Control-FLow ATtestation for Embedded Systems Software (1605.07763v2)

Published 25 May 2016 in cs.CR

Abstract: Remote attestation is a crucial security service particularly relevant to increasingly popular IoT (and other embedded) devices. It allows a trusted party (verifier) to learn the state of a remote, and potentially malware-infected, device (prover). Most existing approaches are static in nature and only check whether benign software is initially loaded on the prover. However, they are vulnerable to run-time attacks that hijack the application's control or data flow, e.g., via return-oriented programming or data-oriented exploits. As a concrete step towards more comprehensive run-time remote attestation, we present the design and implementation of Control- FLow ATtestation (C-FLAT) that enables remote attestation of an application's control-flow path, without requiring the source code. We describe a full prototype implementation of C-FLAT on Raspberry Pi using its ARM TrustZone hardware security extensions. We evaluate C-FLAT's performance using a real-world embedded (cyber-physical) application, and demonstrate its efficacy against control-flow hijacking attacks.

Citations (274)

Summary

  • The paper introduces a runtime control-flow attestation mechanism that detects tampering in embedded systems by verifying execution integrity.
  • It employs a cumulative hash over control-flow graph transitions, addressing challenges like loops and recursive calls in real-time.
  • Experimental evaluations on ARM-based prototypes show minimal performance overhead while robustly countering advanced runtime hijacking attacks.

Control-Flow Attestation for Embedded Systems

The paper "C-FLAT: Control-Flow Attestation for Embedded Systems Software" addresses remote attestation of embedded systems, focusing on detecting runtime control-flow hijacking attacks. Traditional static attestation only authenticates the software that was initially loaded; C-FLAT (Control-FLow ATtestation) instead attests the application's runtime behavior, and does so without requiring access to the source code. The measurement therefore covers not only the integrity of the binary but also the path it actually executed, which gives the verifier a way to detect exploits such as return-oriented programming that leave the binary untouched.

Main Contributions

C-FLAT introduces a mechanism by which an application's dynamic control flow is transformed into a cumulative hash through a measurement function, providing evidence of execution integrity. The idea extends static binary attestation to cover dynamic execution paths by measuring each node transition within the application's control-flow graph (CFG). Key contributions of the work include:

  • Design and Implementation: The authors developed a prototype on an ARM-based Raspberry Pi using its TrustZone extensions, with the measurement engine running in the secure world, and demonstrated attestation of the application's control-flow paths. Instrumentation is applied at the binary level, so no source code is required.
  • Challenges and Solutions: The paper addresses the difficulty of handling loops and recursive calls in runtime attestation: hashing every iteration into one value would make the set of expected measurements explode. It introduces loop-handling techniques that measure each iteration path separately and count repetitions, keeping the verifier's work tractable. It also performs call-return matching, so that a function reachable from multiple call sites is attested together with the return to the correct caller, which is essential for catching hijacked returns.
  • Experimental Evaluation: The practicality of C-FLAT is demonstrated with a real-world case study, an Open Syringe Pump. The results show C-FLAT's efficacy against several classes of runtime attacks, including those targeting control flow and those targeting non-control data.
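To make the measurement function and the loop handling concrete, the following is an added example written for this page; it is not the authors' code and does not reproduce their engine or CFG. It assumes a small constructed control-flow graph shaped like a dosing loop (block names, the SHA-256 chaining rule, the seed and the verifier's step-count policy are all assumptions), measures the executed path as a cumulative hash with each loop iteration hashed and counted separately, and has the verifier derive the expected values offline from the CFG. Nested loops and call/return matching are deliberately not modeled.

```python
import hashlib
from collections import Counter

# Constructed toy control-flow graph (an assumption for this example; it is not
# the paper's syringe-pump binary). Keys are basic-block ids; values are the
# blocks a legal control transfer from that block may reach.
CFG = {
    "entry":      ["check_dose"],
    "check_dose": ["loop_hdr", "reject"],
    "loop_hdr":   ["step_motor", "done"],   # loop header: one motor step per iteration
    "step_motor": ["delay"],
    "delay":      ["loop_hdr"],             # back edge
    "reject":     ["done"],
    "done":       [],
}
LOOP_HEADER = "loop_hdr"
LOOP_BODY = {"loop_hdr", "step_motor", "delay"}
SEED = bytes(32)


def chain(prev, node):
    """One measurement step, H_i = H(H_{i-1} || N_i), with SHA-256 (assumed)."""
    data = node.encode() if isinstance(node, str) else node
    return hashlib.sha256(prev + data).digest()


def fold(nodes, start=SEED):
    acc = start
    for n in nodes:
        acc = chain(acc, n)
    return acc


class Measurement:
    """Prover-side measurement engine (the part C-FLAT runs in the secure world).
    It hashes whatever actually executed and never consults the CFG. Transfers
    outside loops extend `auth`; inside a loop each iteration is hashed on its
    own and counted, so a loop that runs 10 or 10,000 times yields the same
    small set of values."""

    def __init__(self):
        self.auth = SEED
        self.in_loop = False
        self.iter_auth = SEED
        self.iterations = Counter()   # iteration-path hash -> times observed

    def transition(self, src, dst):
        if not self.in_loop:
            self.auth = chain(self.auth, dst)
            if dst == LOOP_HEADER:
                self.in_loop, self.iter_auth = True, SEED
        elif dst == LOOP_HEADER:                  # back edge: one iteration finished
            self.iterations[self.iter_auth] += 1
            self.iter_auth = SEED
        elif dst in LOOP_BODY:
            self.iter_auth = chain(self.iter_auth, dst)
        else:                                     # loop exit
            # Fold the (normally still SEED) partial iteration in first, so leaving
            # the loop from the middle of its body cannot look like a normal exit.
            self.auth = chain(chain(self.auth, self.iter_auth), dst)
            self.in_loop = False

    def report(self):
        return self.auth.hex(), {k.hex(): v for k, v in self.iterations.items()}


def measure(trace):
    m = Measurement()
    for src, dst in trace:
        m.transition(src, dst)
    return m.report()


def edges(path):
    return list(zip(path, path[1:]))


# Verifier side: the expected values are derived offline from the CFG.
def legal_outer_paths(node="entry", path=()):
    path = path + (node,)
    if node == "done":
        yield path
        return
    for nxt in CFG[node]:
        if node in LOOP_BODY and nxt in LOOP_BODY:
            continue                              # loop interior enumerated separately
        if nxt not in path:
            yield from legal_outer_paths(nxt, path)


def legal_iteration_paths(node=LOOP_HEADER, path=()):
    path = path + (node,)
    for nxt in CFG[node]:
        if nxt == LOOP_HEADER and len(path) > 1:
            yield path
        elif nxt in LOOP_BODY and nxt not in path:
            yield from legal_iteration_paths(nxt, path)


VALID_AUTH = {measure(edges(p))[0] for p in legal_outer_paths()}
VALID_ITER = {fold(p[1:]).hex() for p in legal_iteration_paths()}


def verify(report, expected_steps=None):
    """Accept only CFG-conformant paths; optionally also enforce the commanded step count."""
    auth, iters = report
    if auth not in VALID_AUTH:
        return False, "path outside the CFG (control-flow hijack)"
    if any(h not in VALID_ITER for h in iters):
        return False, "loop iteration path outside the CFG"
    steps = sum(iters.values())
    if expected_steps is not None and steps != expected_steps:
        return False, "loop ran %d times, expected %d" % (steps, expected_steps)
    return True, "ok"


def run(dose_steps):
    """Constructed benign trace: dispense `dose_steps` motor steps."""
    body = ["loop_hdr", "step_motor", "delay"] * dose_steps
    return edges(["entry", "check_dose"] + body + ["loop_hdr", "done"])


if __name__ == "__main__":
    hijack = edges(["entry", "check_dose", "loop_hdr", "step_motor", "delay", "done"])
    for name, trace, steps in [("benign", run(3), 3), ("hijacked return", hijack, 1),
                               ("corrupted dose counter", run(30), 3)]:
        print(name, verify(measure(trace), steps))
```

Two detections are worth noting. The hijacked trace (a corrupted return that jumps from `delay` straight to `done`) never reaches the verifier's allowed hash set, so it is caught purely from the path. The corrupted-dose trace is a valid path with a wrong iteration count; it passes the CFG check and is only caught because the verifier knows the commanded number of steps, which is the kind of non-control-data attack the paper's syringe-pump evaluation discusses.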

Numerical Results and Findings

In the evaluation, the implementation produced precise path measurements for the syringe pump program: C-FLAT recorded the control-flow events of each run and yielded identical hash values for identical paths, so a measurement that deviated from the expected set directly signaled tampering during execution, for both control-flow hijacks and attacks on non-control data such as the dosing parameters. The run-time overhead introduced by the measurement is real but was found acceptable for this application, where the timing of the cyber-physical process is dominated by physical actuation rather than by computation.

Implications and Future Directions

The implications of C-FLAT are manifold in the field of secure embedded systems. By attesting the executed control-flow path, C-FLAT overcomes a limitation of previous attestation models, which cannot detect runtime exploits that manipulate program state without altering the static binary. As IoT devices proliferate, C-FLAT's model promises to be applicable to a broad range of systems. The paper suggests that future processor architectures with built-in trust anchors, such as ARM's TrustZone-M, will further facilitate the deployment of C-FLAT on commercial microcontrollers.

Future research directions may leverage the foundational work of C-FLAT to explore broader applications involving data-flow attestation, thus addressing attacks beyond control flow. The integration of probe-based attestation for larger, complex programs may provide further robustness in runtime verification. This expansion could establish novel paradigms for interactive attestation, enabling dynamic, real-time verification of system integrity.

In summary, the authors have presented a rigorous contribution to the domain of secure embedded systems through C-FLAT, shaping how runtime attestation can effectively tackle advanced security threats in constrained devices.