Visible to the public LiteHAX: Lightweight Hardware-Assisted Attestation of Program Execution

TitleLiteHAX: Lightweight Hardware-Assisted Attestation of Program Execution
Publication TypeConference Paper
Year of Publication2018
AuthorsDessouky, G., Abera, T., Ibrahim, A., Sadeghi, A.
Conference Name2018 IEEE/ACM International Conference on Computer-Aided Design (ICCAD)
Date Publishednov
Keywordsattestation, composability, control-flow attacks, control-flow attestation schemes, data flow computing, data integrity, data-flow events, data-oriented programming, DOP attacks, embedded Internet of Things devices, Embedded systems, hardware-assisted remote attestation scheme, Human Behavior, Internet of Things, lightweight hardware-assisted attestation of program execution, LiteHAX, malicious modification, Malware, Program processors, Programming, pubcrawl, RA, reduced instruction set computing, remote device integrity, Resiliency, RISC-based embedded devices, RISC-V system-on-chip, Runtime, runtime attestation, security, security of data, security service, SoC, software binaries, system-on-chip, Trusted Computing

Unlike traditional processors, embedded Internet of Things (IoT) devices lack resources to incorporate protection against modern sophisticated attacks resulting in critical consequences. Remote attestation (RA) is a security service to establish trust in the integrity of a remote device. While conventional RA is static and limited to detecting malicious modification to software binaries at load-time, recent research has made progress towards runtime attestation, such as attesting the control flow of an executing program. However, existing control-flow attestation schemes are inefficient and vulnerable to sophisticated data-oriented programming (DOP) attacks subvert these schemes and keep the control flow of the code intact. In this paper, we present LiteHAX, an efficient hardware-assisted remote attestation scheme for RISC-based embedded devices that enables detecting both control-flow attacks as well as DOP attacks. LiteHAX continuously tracks both the control-flow and data-flow events of a program executing on a remote device and reports them to a trusted verifying party. We implemented and evaluated LiteHAX on a RISC-V System-on-Chip (SoC) and show that it has minimal performance and area overhead.

Citation Keydessouky_litehax:_2018