Skip to main content
SpringerLink
Log in

Log-Based Control Flow Attestation for Embedded Devices

  • Conference paper
  • First Online:
Cyberspace Safety and Security (CSS 2019)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11982))

Included in the following conference series:

Abstract

Remote attestation is a very important mechanism helping a trusted party to get the status of a remote embedded device. Most remote attestation schemes aim at checking the code integrity and leave devices vulnerable to runtime attacks. Recently a new kind of attestation called control flow attestation has been proposed to get rid of this limitation. However, previous studies on control flow attestation cannot verify the attestation result efficiently and lack secure storage.

In this paper, we present a log-based attestation scheme that not only can attest the control flow path of programs on embedded devices but also can verify the attestation result very efficiently. We use a lightweight root of trust in our attestation. We implement our system on Hikey board using ARM TrustZone security extension. We evaluate the performance using a popular embedded device benchmark Mibench and demonstrate that our scheme has a high security assurance and a good performance.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Eldefrawy, K., Tsudik, G., Francillon, A., Perito, D.: SMART: secure and minimal architecture for (establishing dynamic) root of trust. In: NDSS, vol. 12, pp. 1–15 (2012)

    Google Scholar 

  2. Koeberl, P., Schulz, S., Sadeghi, A.-R., Varadharajan, V.: TrustLite: a security architecture for tiny embedded devices. In: Proceedings of the Ninth European Conference on Computer Systems, EuroSys 2014, pp. 10:1–10:14. ACM, New York (2014)

    Google Scholar 

  3. Buchanan, E., Roemer, R., Shacham, H., Savage, S.: When good instructions go bad: generalizing return-oriented programming to RISC. In: Proceedings of the 15th ACM Conference on Computer and Communications Security, pp. 27–38. ACM (2008)

    Google Scholar 

  4. Bletsch, T., Jiang, X., Freeh, V.W., Liang, Z.: Jump-oriented programming: a new class of code-reuse attack. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2011, pp. 30–40. ACM, New York (2011)

    Google Scholar 

  5. Abadi, M., Budiu, M., Erlingsson, Ú., Ligatti, J.: Control-flow integrity. In: Proceedings of the 12th ACM Conference on Computer and Communications Security, CCS 2005, pp. 340–353. ACM, New York (2005)

    Google Scholar 

  6. Kuznetsov, V., Szekeres, L., Payer, M., Candea, G., Sekar, R., Song, D.: Code-pointer integrity. In: Proceedings of the 11th USENIX Conference on Operating Systems Design and Implementation, OSDI 2014, pp. 147–163. USENIX Association, Berkeley (2014)

    Google Scholar 

  7. Abera, T., et al.: C-FLAT: control-flow attestation for embedded systems software. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS 2016, pp. 743–754. ACM, New York (2016)

    Google Scholar 

  8. Dessouky, G., et al.: Lo-fat: low-overhead control flow attestation in hardware. In: Proceedings of the 54th Annual Design Automation Conference 2017, DAC 2017, pp. 24:1–24:6. ACM, New York (2017)

    Google Scholar 

  9. Pappu, R., Recht, B., Taylor, J., Gershenfeld, N.: Physical one-way functions. Science 297(5589), 2026–2030 (2002)

    Article  Google Scholar 

  10. ARM Information Center, 11 July 2017. http://infocenter.arm.com/help/index.jsp

  11. OP-TEE Trusted OS. https://github.com/OP-TEE/optee_os

  12. Qualcomm Security Platform. https://www.qualcomm.com/solutions/mobile-computing/features/security

  13. Linnartz, J.-P., Tuyls, P.: New shielding functions to enhance privacy and prevent misuse of biometric templates. In: Kittler, J., Nixon, M.S. (eds.) AVBPA 2003. LNCS, vol. 2688, pp. 393–402. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-44887-X_47

    Chapter  MATH  Google Scholar 

  14. Zhao, S., Zhang, Q., Hu, G., Qin, Y., Feng, D.: Providing root of trust for ARM TrustZone using on-chip SRAM. In: Proceedings of the 4th International Workshop on Trustworthy Embedded Devices, TrustED 2014, pp. 25–36. ACM, New York (2014)

    Google Scholar 

  15. Machiry, A., et al.: Boomerang: exploiting the semantic gap in trusted execution environments (2017)

    Google Scholar 

  16. Data Execution Prevention. https://msdn.microsoft.com/zh-cn/library/aa366553(vs.85).aspx

Download references

Acknowledgements

The research presented in this paper is supported by the National Key Research and Development Program of China under Grant No. 2018YFB0904900, 2018YFB0904903 and the National Natural Science Foundation of China under Grant No. 61872343, 61802375, 61602455.

Author information

Authors and Affiliations

  1. University of Chinese Academy of Sciences, Beijing, China

    Jingbin Liu

  2. TCA, Institute of Software, Chinese Academy of Sciences, Beijing, China

    Jingbin Liu, Qin Yu, Shijun Zhao & Dengguo Feng

  3. SKLCS, Institute of Software, Chinese Academy of Sciences, Beijing, China

    Dengguo Feng

  4. Shenzhen Power Supply Bureau Co., Ltd., Shenzhen, China

    Wei Liu & Weifeng Luo

Authors
  1. Jingbin Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Qin Yu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Wei Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Shijun Zhao
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Dengguo Feng
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Weifeng Luo
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jingbin Liu .

Editor information

Editors and Affiliations

  1. Rutgers University, Newark, NJ, USA

    Jaideep Vaidya

  2. Beihang University, Beijing, China

    Xiao Zhang

  3. Guangzhou University, Guangzhou, China

    Jin Li

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Liu, J., Yu, Q., Liu, W., Zhao, S., Feng, D., Luo, W. (2019). Log-Based Control Flow Attestation for Embedded Devices. In: Vaidya, J., Zhang, X., Li, J. (eds) Cyberspace Safety and Security. CSS 2019. Lecture Notes in Computer Science(), vol 11982. Springer, Cham. https://doi.org/10.1007/978-3-030-37337-5_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-37337-5_10

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-37336-8

  • Online ISBN: 978-3-030-37337-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation