English
Related papers

Related papers: SpecCFA: Enhancing Control Flow Attestation/Auditi…

200 papers

Micro-controller units (MCUs) implement the de facto interface between the physical and digital worlds. As a consequence, they appear in a variety of sensing/actuation applications, from smart personal spaces to complex industrial control…

Cryptography and Security · Computer Science 2024-07-09 Liam Tyler , Ivan De Oliveira Nunes

Attacks targeting software on embedded systems are becoming increasingly prevalent. Remote attestation is a mechanism that allows establishing trust in embedded devices. However, existing attestation schemes are either static and cannot…

Cryptography and Security · Computer Science 2018-10-04 Ghada Dessouky , Shaza Zeitouni , Thomas Nyman , Andrew Paverd , Lucas Davi , Patrick Koeberl , N. Asokan , Ahmad-Reza Sadeghi

Control-Flow Attestation (CFA) is a security service that allows an entity (verifier) to verify the integrity of code execution on a remote computer system (prover). Existing CFA schemes suffer from impractical assumptions, such as…

Cryptography and Security · Computer Science 2024-03-13 Marco Chilese , Richard Mitev , Meni Orenbach , Robert Thorburn , Ahmad Atamli , Ahmad-Reza Sadeghi

This paper provides a systematic exploration of Control Flow Integrity (CFI) and Control Flow Attestation (CFA) mechanisms, examining their differences and relationships. It addresses crucial questions about the goals, assumptions,…

Cryptography and Security · Computer Science 2024-10-23 Mahmoud Ammar , Adam Caulfield , Ivan De Oliveira Nunes

Control-flow attestation unifies the worlds of control-flow integrity and platform attestation by measuring and reporting a target's run-time behaviour to a verifier. Trust assurances in the target are provided by testing whether its…

Cryptography and Security · Computer Science 2024-12-05 Zhanyu Sha , Carlton Shepherd , Amir Rafi , Konstantinos Markantonakis

Computing systems, including real-time embedded systems, are becoming increasingly connected to allow for more advanced and safer operation. Such embedded systems are resource-constrained, such as lower processing capabilities, as compared…

Cryptography and Security · Computer Science 2022-08-09 Tanmaya Mishra , Thidapat Chantem , Ryan Gerdes

Protecting programs against control-flow hijacking attacks recently has become an arms race between defenders and attackers. While certain defenses, e.g., \textit{Control Flow Integrity} (CFI), restrict the targets of indirect control-flow…

Cryptography and Security · Computer Science 2018-12-21 Paul Muntean

Context: Today's safety critical systems are increasingly reliant on software. Software becomes responsible for most of the critical functions of systems. Many different safety analysis techniques have been developed to identify hazards of…

Software Engineering · Computer Science 2016-12-02 Asim Abdulkhaleq , Stefan Wagner

Control-flow hijacking attacks are used to perform malicious com-putations. Current solutions for assessing the attack surface afteracontrol flow integrity(CFI) policy was applied can measure onlyindirect transfer averages in the best case…

Cryptography and Security · Computer Science 2019-10-04 Paul Muntean , Matthias Neumayer , Zhiqiang Lin , Gang Tan , Jens Grossklags , Claudia Eckert

Remote attestation is a crucial security service particularly relevant to increasingly popular IoT (and other embedded) devices. It allows a trusted party (verifier) to learn the state of a remote, and potentially malware-infected, device…

Cryptography and Security · Computer Science 2016-08-18 Tigist Abera , N. Asokan , Lucas Davi , Jan-Erik Ekberg , Thomas Nyman , Andrew Paverd , Ahmad-Reza Sadeghi , Gene Tsudik

System-Theoretic Process Analysis (STPA) is a recommended method for analysing complex systems, capable of identifying thousands of safety requirements often missed by traditional techniques such as Failure Mode and Effects Analysis (FMEA)…

Software Engineering · Computer Science 2025-08-26 Shufeng Chen , Halima El Badaoui , Mariat James Elizebeth , Takuya Nakashima , Siddartha Khastgir , Paul Jennings

Attacks based on side-channel analysis (SCA) pose a severe security threat to modern computing platforms, further exacerbated on IoT devices by their pervasiveness and handling of private and critical data. Designing SCA-resistant computing…

Cryptography and Security · Computer Science 2025-03-18 Davide Zoni , Andrea Galimberti , Davide Galli

Fault attacks enable adversaries to manipulate the control-flow of security-critical applications. By inducing targeted faults into the CPU, the software's call graph can be escaped and the control-flow can be redirected to arbitrary…

Cryptography and Security · Computer Science 2023-03-27 Pascal Nasahl , Salmin Sultana , Hans Liljestrand , Karanvir Grewal , Michael LeMay , David M. Durham , David Schrammel , Stefan Mangard

Static analysis approximates the results of a program by examining only its syntax. For example, control-flow analysis (CFA) determines which syntactic lambdas (for functional languages) or (for object-oriented) methods may be invoked at…

Programming Languages · Computer Science 2021-07-28 Davis Ross Silverman , Yihao Sun , Kristopher Micinski , Thomas Gilray

Embedded, smart, and IoT devices are increasingly popular in numerous everyday settings. Since lower-end devices have the most strict cost constraints, they tend to have few, if any, security features. This makes them attractive targets for…

Cryptography and Security · Computer Science 2023-09-21 Sashidhar Jakkamsetti , Youngil Kim , Andrew Searles , Gene Tsudik

Traditional control-flow analysis (CFA) for higher-order languages, whether implemented by constraint-solving or abstract interpretation, introduces spurious connections between callers and callees. Two distinct invocations of a function…

Programming Languages · Computer Science 2016-03-23 Thomas Gilray , Steven Lyde , Michael D. Adams , Matthew Might , David Van Horn

With the improvements of computing technology, more and more applications embed powerful ARM processors into their devices. These systems can be attacked by redirecting the control-flow of a program to bypass critical pieces of code such as…

Cryptography and Security · Computer Science 2021-05-03 Robert Schilling , Pascal Nasahl , Stefan Mangard

Systems Theoretic Process Analysis (STPA) is a widely recommended method for analysing complex system safety. STPA can identify numerous Unsafe Control Actions (UCAs) and requirements depending on the level of granularity of the analysis…

Systems and Control · Electrical Eng. & Systems 2025-08-15 Halima El Badaoui

Memory corruption errors in C/C++ programs remain the most common source of security vulnerabilities in today's systems. Control-flow hijacking attacks exploit memory corruption vulnerabilities to divert program execution away from the…

Cryptography and Security · Computer Science 2019-11-26 Nathan Burow , Scott A. Carr , Joseph Nash , Per Larsen , Michael Franz , Stefan Brunthaler , Mathias Payer

Many dedicated embedded processors do not have memory or computational resources to coexist with traditional (host-based) security solutions. As a result, there is interest in using out-of-band analog side-channel measurements and their…

Cryptography and Security · Computer Science 2019-11-01 Mark Chilenski , George Cybenko , Isaac Dekine , Piyush Kumar , Gil Raz