English

C-FLAT: Control-FLow ATtestation for Embedded Systems Software

Cryptography and Security 2016-08-18 v2

Abstract

Remote attestation is a crucial security service particularly relevant to increasingly popular IoT (and other embedded) devices. It allows a trusted party (verifier) to learn the state of a remote, and potentially malware-infected, device (prover). Most existing approaches are static in nature and only check whether benign software is initially loaded on the prover. However, they are vulnerable to run-time attacks that hijack the application's control or data flow, e.g., via return-oriented programming or data-oriented exploits. As a concrete step towards more comprehensive run-time remote attestation, we present the design and implementation of Control- FLow ATtestation (C-FLAT) that enables remote attestation of an application's control-flow path, without requiring the source code. We describe a full prototype implementation of C-FLAT on Raspberry Pi using its ARM TrustZone hardware security extensions. We evaluate C-FLAT's performance using a real-world embedded (cyber-physical) application, and demonstrate its efficacy against control-flow hijacking attacks.

Keywords

Cite

@article{arxiv.1605.07763,
  title  = {C-FLAT: Control-FLow ATtestation for Embedded Systems Software},
  author = {Tigist Abera and N. Asokan and Lucas Davi and Jan-Erik Ekberg and Thomas Nyman and Andrew Paverd and Ahmad-Reza Sadeghi and Gene Tsudik},
  journal= {arXiv preprint arXiv:1605.07763},
  year   = {2016}
}

Comments

Extended version of article to appear in CCS '16 Proceedings of the 23rd ACM Conference on Computer and Communications Security

R2 v1 2026-06-22T14:09:00.850Z