LAPE: A Lightweight Attestation of Program Execution Scheme for Bare-Metal Systems

Title: LAPE: A Lightweight Attestation of Program Execution Scheme for Bare-Metal Systems
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Huo, Dongdong; Wang, Yu; Liu, Chao; Li, Mingxuan; Wang, Yazhe; Xu, Zhen
Conference Name: 2020 IEEE 22nd International Conference on High Performance Computing and Communications; IEEE 18th International Conference on Smart City; IEEE 6th International Conference on Data Science and Systems (HPCC/SmartCity/DSS)
Date Published: Dec. 2020
ISBN Number: 978-1-7281-7649-9
Keywords: attestation, Attestation Compartments, Bare-Metal Systems, composability, Control Flow Attestation, Hardware, Human Behavior, Instruments, performance evaluation, process control, Program processors, pubcrawl, resilience, Resiliency, Runtime, Systematics

Unlike traditional processors, Internet of Things (IoT) devices are short of resources to incorporate mature protections (e.g., MMU, TrustZone) against modern control-flow attacks. Remote (control-flow) attestation is fast becoming a key instrument in securing such devices, as it has proven effective not only at detecting runtime malware infestation of a remote device, but also at saving computing resources by moving the costly verification process away. However, few control-flow attestation schemes have been able to draw on any systematic research into the software specificity of bare-metal systems, which are widely deployed on resource-constrained IoT devices. To our knowledge, the unique design patterns of the system limit implementations of such expositions. In this paper, we present the design and proof-of-concept implementation of LAPE, a lightweight attestation of program execution scheme that enables detecting control-flow attacks for bare-metal systems without requiring hardware modification. With rudimentary memory protection support found in modern IoT-class microcontrollers, LAPE leverages software instrumentation to compartmentalize the firmware functions into several "attestation compartments". It then continuously tracks the control-flow events of each compartment and periodically reports them to the verifier. The PoC of the scheme is incorporated into an LLVM-based compiler to generate the LAPE-enabled firmware. Experiments with several real-world IoT firmware show both the efficiency and practicality of LAPE.

Citation Key: huo_lape_2020