Visible to the public A Probability Prediction Based Mutable Control-Flow Attestation Scheme on Embedded Platforms

TitleA Probability Prediction Based Mutable Control-Flow Attestation Scheme on Embedded Platforms
Publication TypeConference Paper
Year of Publication2019
AuthorsHu, Jianxing, Huo, Dongdong, Wang, Meilin, Wang, Yazhe, Zhang, Yan, Li, Yu
Conference Name2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)
KeywordsARM TrustZone, attestation, coarse-grained check, coarse-grained control-flow attestation schemes, composability, Control Flow Attestation, control-flow attacks, control-flow security, costly fine-grained level, Embedded Platform Security, Embedded Software, Embedded systems, execution-profiling CFG, execution-profiling control-flow graph, fine-grained remote control-flow attestation, Human Behavior, machine learning, MGC-FA, mutable control-flow attestation scheme, mutable granularity control-flow attestation, Mutable Granularity Scheme, operating systems (computers), Predictive models, Probabilistic logic, probability, pubcrawl, Raspberry Pi, remote attestation, remote control-flow attestation scheme, Resiliency, Runtime, security, security of data, software integrity
AbstractControl-flow attacks cause powerful threats to the software integrity. Remote attestation for control flow is a crucial security service for ensuring the software integrity on embedded platforms. The fine-grained remote control-flow attestation with execution-profiling Control-Flow Graph (CFG) is applied to defend against control-flow attacks. It is a safe scheme but it may influence the runtime efficiency. In fact, we find out only the vulnerable parts of a program need being attested at costly fine-grained level to ensure the security, and the remaining normal parts just need a lightweight coarse-grained check to reduce the overhead. We propose Mutable Granularity Control-Flow Attestation (MGC-FA) scheme, which bases on a probabilistic model, to distinguish between the vulnerable and normal parts in the program and combine fine-grained and coarse-grained control-flow attestation schemes. MGC-FA employs the execution-profiling CFG to apply the remote control-flow attestation scheme on embedded devices. MGC-FA is implemented on Raspberry Pi with ARM TrustZone and the experimental results show its effect on balancing the relationship between runtime efficiency and control-flow security.
Citation Keyhu_probability_2019