English
Related papers

Related papers: ACFA: Secure Runtime Auditing & Guaranteed Device …

200 papers

CFI is a computer security technique that detects runtime attacks by monitoring a program's branching behavior. This work presents a detailed analysis of the security policies enforced by 21 recent hardware-based CFI architectures. The goal…

Cryptography and Security · Computer Science 2017-08-01 Ruan de Clercq , Ingrid Verbauwhede

Subverting the flow of instructions (e.g., by use of code-reuse attacks) still poses a serious threat to the security of today's systems. Various control flow integrity (CFI) schemes have been proposed as a powerful technique to detect and…

Hardware Architecture · Computer Science 2021-03-09 Mario Telesklav , Stefan Tauner

Micro-controller units (MCUs) implement the de facto interface between the physical and digital worlds. As a consequence, they appear in a variety of sensing/actuation applications, from smart personal spaces to complex industrial control…

Cryptography and Security · Computer Science 2024-07-09 Liam Tyler , Ivan De Oliveira Nunes

Memory corruption vulnerabilities are still a severe threat for software systems. To thwart the exploitation of such vulnerabilities, many different kinds of defenses have been proposed in the past. Most prominently, Control-Flow Integrity…

Cryptography and Security · Computer Science 2020-07-09 Patrick Wollgast , Robert Gawlik , Behrad Garmany , Benjamin Kollenda , Thorsten Holz

Code reuse attack (CRA) is a powerful attack that reuses existing codes to hijack the program control flow. Control flow integrity (CFI) is one of the most popular mechanisms to prevent against CRAs. However, current CFI techniques are…

Cryptography and Security · Computer Science 2019-05-07 Jiliang Zhang , Wuqiao Chen , Yuqi Niu

The introduction of remote attestation (RA) schemes has allowed academia and industry to enhance the security of their systems. The commercial products currently available enable only the validation of static properties, such as…

Cryptography and Security · Computer Science 2019-04-04 Flavio Toffalini , Eleonora Losiouk , Andrea Biondo , Jianying Zhou , Mauro Conti

Modern society is getting accustomed to the Internet of Things (IoT) and Cyber-Physical Systems (CPS) for a variety of applications that involves security-critical user data and information transfers. In the lower end of the spectrum, these…

Cryptography and Security · Computer Science 2023-05-08 Avani Dave Nilanjan Banerjee Chintan Patel

Remote attestation (RA) is a popular means of detecting malware in embedded and IoT devices. RA is usually realized as an interactive protocol, whereby a trusted party -- verifier -- measures integrity of a potentially compromised remote…

Cryptography and Security · Computer Science 2017-07-31 Xavier Carpent , Norrathep Rattanavipanon , Gene Tsudik

Protecting programs against control-flow hijacking attacks recently has become an arms race between defenders and attackers. While certain defenses, e.g., \textit{Control Flow Integrity} (CFI), restrict the targets of indirect control-flow…

Cryptography and Security · Computer Science 2018-12-21 Paul Muntean

Fault attacks enable adversaries to manipulate the control-flow of security-critical applications. By inducing targeted faults into the CPU, the software's call graph can be escaped and the control-flow can be redirected to arbitrary…

Cryptography and Security · Computer Science 2023-03-27 Pascal Nasahl , Salmin Sultana , Hans Liljestrand , Karanvir Grewal , Michael LeMay , David M. Durham , David Schrammel , Stefan Mangard

Modern RISC-V platforms control and monitor security-critical systems such as industrial controllers and autonomous vehicles. While these platforms feature a Root-of-Trust (RoT) to store authentication secrets and enable secure boot…

Cryptography and Security · Computer Science 2024-01-08 Emanuele Parisi , Alberto Musa , Simone Manoni , Maicol Ciani , Davide Rossi , Francesco Barchi , Andrea Bartolini , Andrea Acquaviva

Modern society is increasingly surrounded by, and accustomed to, a wide range of Cyber-Physical Systems (CPS), Internet-of-Things (IoT), and smart devices. They often perform safety-critical functions, e.g., personal medical devices,…

Cryptography and Security · Computer Science 2020-01-14 Ivan De Oliveira Nunes , Karim Eldefrawy , Norrathep Rattanavipanon , Gene Tsudik

With the rapidly evolving next-generation systems-of-systems, we face new security, resilience, and operational assurance challenges. In the face of the increasing attack landscape, it is necessary to cater to efficient mechanisms to verify…

Cryptography and Security · Computer Science 2021-07-13 Heini Bergsson Debes , Thanassis Giannetsos , Ioannis Krontiris

Attestation is a strong tool to verify the integrity of an untrusted system. However, in recent years, different attacks have appeared that are able to mislead the attestation process with treacherous practices as memory copy, proxy, and…

Cryptography and Security · Computer Science 2021-10-05 Ignacio M. Delgado-Lozano , Macarena C. Martínez-Rodríguez , Alexandros Bakas , Billy Bob Brumley , Antonis Michalas

This paper provides a systematic exploration of Control Flow Integrity (CFI) and Control Flow Attestation (CFA) mechanisms, examining their differences and relationships. It addresses crucial questions about the goals, assumptions,…

Cryptography and Security · Computer Science 2024-10-23 Mahmoud Ammar , Adam Caulfield , Ivan De Oliveira Nunes

Control-flow attestation unifies the worlds of control-flow integrity and platform attestation by measuring and reporting a target's run-time behaviour to a verifier. Trust assurances in the target are provided by testing whether its…

Cryptography and Security · Computer Science 2024-12-05 Zhanyu Sha , Carlton Shepherd , Amir Rafi , Konstantinos Markantonakis

Microarchitectural vulnerabilities increasingly undermine the assumption that hardware can be treated as a reliable root of trust. Prevention mechanisms often lag behind evolving attack techniques, leaving deployed systems unable to assume…

Cryptography and Security · Computer Science 2026-03-27 Martin Herrmann , Oussama Draissi , Christian Niesler , Ahmad-Reza Sadeghi , Lucas Davi

With the improvements of computing technology, more and more applications embed powerful ARM processors into their devices. These systems can be attacked by redirecting the control-flow of a program to bypass critical pieces of code such as…

Cryptography and Security · Computer Science 2021-05-03 Robert Schilling , Pascal Nasahl , Stefan Mangard

With the increasing scale of deployment of Internet of Things (IoT), concerns about IoT security have become more urgent. In particular, memory corruption attacks play a predominant role as they allow remote compromise of IoT devices.…

Cryptography and Security · Computer Science 2017-06-20 Thomas Nyman , Jan-Erik Ekberg , Lucas Davi , N. Asokan

Control-flow leakage (CFL) attacks enable an attacker to expose control-flow decisions of a victim program via side-channel observations. Linearization (i.e., elimination) of secret-dependent control flow is the main countermeasure against…

Cryptography and Security · Computer Science 2025-02-12 Hans Winderix , Marton Bognar , Lesly-Ann Daniel , Frank Piessens