DOI: 10.1145/3485832.3485900 (ACSAC Conference Proceedings, research article)

ReCFA: Resilient Control-Flow Attestation

Published: 06 December 2021

Abstract

Recent IoT applications gradually adopt more complicated end systems running commodity software. Ensuring the runtime integrity of this software is a challenging task for the remote controller or cloud service. A popular enforcement mechanism is runtime remote attestation, which requires the end system (the prover) to generate evidence of its runtime behavior and a remote trusted verifier to attest that evidence. Control-flow attestation is a kind of runtime attestation that diagnoses control-flow hijacking at the remote prover. Most of these attestation approaches focus on small or embedded software. The recent advance in attesting complicated software depends on the source code and on CFG traversal to measure checkpoint-separated subpaths; the source code may be unavailable for commodity software, and the separation into subpaths can lose context between consecutive subpaths in the measurements.
In this work, we propose a resilient control-flow attestation (ReCFA) that does not need an offline measurement of all legitimate control-flow paths and therefore scales to complicated commodity software. Our main contribution is a multi-phase approach to condensing the runtime control-flow events; as a result, the vast number of control-flow events is abstracted to a deliverable size. The condensing approach consists of filtering skippable call sites, folding program-structure-related control-flow events, and a greedy compression. Our approach is implemented with binary-level static analysis and instrumentation. We employ a shadow stack mechanism at the verifier to enforce context-sensitive control-flow integrity and to diagnose the compromised control-flow events that violate the security policy. Experimental results on real-world benchmarks show both the efficiency of the control-flow condensing and the effectiveness of the security enforcement.
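As an added illustration of the verifier side described in the abstract (not code from the ReCFA paper or its implementation): a shadow stack replayed over a prover's control-flow event stream, which reports the first event that violates context-sensitive control-flow integrity. The event format, the policy tables and all addresses are assumptions constructed for this example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    kind: str     # "call", "ret" or "ijmp" (indirect jump), as reported by the prover
    site: int     # address of the transferring instruction
    target: int   # destination address


# Constructed policy tables (assumptions, not from the paper). A call site listed in
# ALLOWED_TARGETS is indirect and may only reach the listed targets (forward edge);
# RETURN_ADDR gives the fall-through address pushed on the shadow stack per call site.
ALLOWED_TARGETS = {0x4010: {0x5000, 0x5100}, 0x4020: {0x5200}}
RETURN_ADDR = {0x4010: 0x4015, 0x4020: 0x4025, 0x4030: 0x4035}


def attest(events):
    """Replay the event trace against a verifier-side shadow stack.

    Returns (True, None) when every event satisfies the policy, otherwise
    (False, i) where i indexes the first offending event (the diagnosis)."""
    shadow = []
    for i, ev in enumerate(events):
        if ev.kind == "call":
            if ev.site not in RETURN_ADDR:
                return False, i   # call from an unknown site
            if ev.site in ALLOWED_TARGETS and ev.target not in ALLOWED_TARGETS[ev.site]:
                return False, i   # indirect call to a target outside the policy
            shadow.append(RETURN_ADDR[ev.site])
        elif ev.kind == "ret":
            # Context-sensitive backward edge: must return to the most recent caller.
            if not shadow or shadow.pop() != ev.target:
                return False, i
        elif ev.kind == "ijmp":
            if ev.target not in ALLOWED_TARGETS.get(ev.site, set()):
                return False, i
        else:
            return False, i   # malformed event
    return True, None


# Constructed traces: a benign nested call/return sequence, a return redirected to a
# different (but otherwise valid) return address, and an indirect call to a target
# the policy does not permit.
BENIGN = [Event("call", 0x4010, 0x5000), Event("call", 0x4030, 0x6000),
          Event("ret", 0x6010, 0x4035), Event("ret", 0x5010, 0x4015)]
HIJACKED_RET = [Event("call", 0x4010, 0x5000), Event("call", 0x4030, 0x6000),
                Event("ret", 0x6010, 0x4015)]
BAD_TARGET = [Event("call", 0x4010, 0x5300)]

if __name__ == "__main__":
    for name, trace in [("benign", BENIGN), ("hijacked_ret", HIJACKED_RET), ("bad_target", BAD_TARGET)]:
        print(name, attest(trace))
```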

Published In

ACM Other Conferences
ACSAC '21: Proceedings of the 37th Annual Computer Security Applications Conference
December 2021
1077 pages
ISBN:9781450385794
DOI:10.1145/3485832
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. binary analysis
  2. binary rewriting
  3. control-flow integrity
  4. reference monitor
  5. remote attestation

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

ACSAC '21

Acceptance Rates

Overall Acceptance Rate 104 of 497 submissions, 21%

Cited By

  • One for All and All for One: GNN-based Control-Flow Attestation for Embedded Devices. 2024 IEEE Symposium on Security and Privacy (SP), 3346–3364. DOI 10.1109/SP54263.2024.00251. Online publication date: 19 May 2024.
  • LightFAt: Mitigating Control-Flow Explosion via Lightweight PMU-Based Control-Flow Attestation. 2024 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), 222–226. DOI 10.1109/HOST55342.2024.10545348. Online publication date: 6 May 2024.
  • A Cocktail Approach to Practical Call Graph Construction. Proceedings of the ACM on Programming Languages 7(OOPSLA2), 1001–1033. DOI 10.1145/3622833. Online publication date: 16 Oct 2023.
  • ISC-FLAT: On the Conflict Between Control Flow Attestation and Real-Time Operations. 2023 IEEE 29th Real-Time and Embedded Technology and Applications Symposium (RTAS), 133–146. DOI 10.1109/RTAS58335.2023.00018. Online publication date: May 2023.
  • GuaranTEE: Introducing Control-Flow Attestation for Trusted Execution Environments. 2023 IEEE 16th International Conference on Cloud Computing (CLOUD), 547–553. DOI 10.1109/CLOUD60044.2023.00073. Online publication date: Jul 2023.
  • Nanovised Control Flow Attestation. Applied Sciences 12(5), 2669. DOI 10.3390/app12052669. Online publication date: 4 Mar 2022.
  • DataAttest: A Framework to Attest Off-Chain Data Authenticity. Blockchain and Trustworthy Systems, 65–78. DOI 10.1007/978-981-19-8043-5_5. Online publication date: 10 Dec 2022.