TitanCFI: Toward Enforcing Control-Flow Integrity in the Root-of-Trust
- URL: http://arxiv.org/abs/2401.02567v1
- Date: Thu, 4 Jan 2024 22:58:33 GMT
- Title: TitanCFI: Toward Enforcing Control-Flow Integrity in the Root-of-Trust
- Authors: Emanuele Parisi, Alberto Musa, Simone Manoni, Maicol Ciani, Davide Rossi, Francesco Barchi, Andrea Bartolini, Andrea Acquaviva,
- Abstract summary: TitanCFI modifies the commit stage of a protected core to stream control flow instructions to the RoT.
It avoids the design of custom IPs and the modification of the compilation toolchain.
It exploits the RoT tamper-proof storage and cryptographic accelerators to secure metadata.
- Score: 4.444373990868152
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Modern RISC-V platforms control and monitor security-critical systems such as industrial controllers and autonomous vehicles. While these platforms feature a Root-of-Trust (RoT) to store authentication secrets and enable secure boot technologies, they often lack Control-Flow Integrity (CFI) enforcement and are vulnerable to cyber-attacks which divert the control flow of an application to trigger malicious behaviours. Recent techniques to enforce CFI in RISC-V systems include ISA modifications or custom hardware IPs, all requiring ad-hoc binary toolchains or design of CFI primitives in hardware. This paper proposes TitanCFI, a novel approach to enforce CFI in the RoT. TitanCFI modifies the commit stage of the protected core to stream control flow instructions to the RoT and it integrates the CFI enforcement policy in the RoT firmware. Our approach enables maximum reuse of the hardware resource present in the System-on-Chip (SoC), and it avoids the design of custom IPs and the modification of the compilation toolchain, while exploiting the RoT tamper-proof storage and cryptographic accelerators to secure CFI metadata. We implemented the proposed architecture on a modern RISC-V SoC along with a return address protection policy in the RoT, and benchmarked area and runtime overhead. Experimental results show that TitanCFI achieves overhead comparable to SoA hardware CFI solutions for most benchmarks, with lower area overhead, resulting in 1% of additional area occupation.
Related papers
- TRACES: TEE-based Runtime Auditing for Commodity Embedded Systems [9.32090482996659]
Control Flow Auditing (CFA) offers a means to detect control flow hijacking attacks on remote devices.
CFA generates a trace (CFLog) containing the destination of all branching instructions executed.
TraCES guarantees reliable delivery of periodic runtime reports even when Prv is compromised.
arXiv Detail & Related papers (2024-09-27T20:10:43Z) - SpecCFA: Enhancing Control Flow Attestation/Auditing via Application-Aware Sub-Path Speculation [6.210224116507288]
We propose SpecCFA: an approach for dynamic sub-path speculation in CFA.
SpecCFA significantly lowers storage/performance costs that are critical to resource-constrained MCUs.
arXiv Detail & Related papers (2024-09-27T02:39:55Z) - Designing Short-Stage CDC-XPUFs: Balancing Reliability, Cost, and
Security in IoT Devices [2.28438857884398]
Physically Unclonable Functions (PUFs) generate unique cryptographic keys from inherent hardware variations.
Traditional PUFs like Arbiter PUFs (APUFs) and XOR Arbiter PUFs (XOR-PUFs) are susceptible to machine learning (ML) and reliability-based attacks.
We propose an optimized CDC-XPUF design that incorporates a pre-selection strategy to enhance reliability and introduces a novel lightweight architecture.
arXiv Detail & Related papers (2024-09-26T14:50:20Z) - Conformal Distributed Remote Inference in Sensor Networks Under Reliability and Communication Constraints [61.62410595953275]
Communication-constrained distributed conformal risk control (CD-CRC)
CD-CRC is a novel decision-making framework for sensor networks under communication constraints.
arXiv Detail & Related papers (2024-09-12T10:12:43Z) - Securing the Open RAN Infrastructure: Exploring Vulnerabilities in Kubernetes Deployments [60.51751612363882]
We investigate the security implications of and software-based Open Radio Access Network (RAN) systems.
We highlight the presence of potential vulnerabilities and misconfigurations in the infrastructure supporting the Near Real-Time RAN Controller (RIC) cluster.
arXiv Detail & Related papers (2024-05-03T07:18:45Z) - HOACS: Homomorphic Obfuscation Assisted Concealing of Secrets to Thwart Trojan Attacks in COTS Processor [0.6874745415692134]
We propose a software-oriented countermeasure to ensure the confidentiality of secret assets against hardware Trojans.
The proposed solution does not require any supply chain entity to be trusted and does not require analysis or modification of the IC design.
We have implemented the proposed solution to protect the secret key within the Advanced Encryption Standard (AES) program and presented a detailed security analysis.
arXiv Detail & Related papers (2024-02-15T04:33:30Z) - A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure.
This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus.
We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
arXiv Detail & Related papers (2024-01-19T14:52:04Z) - HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs)
TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks.
We address the above with HasTEE+, a domain-specific language (cla) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
arXiv Detail & Related papers (2024-01-17T00:56:23Z) - Poster: Control-Flow Integrity in Low-end Embedded Devices [12.193184827858326]
This work constructs an architecture that ensures integrity of software execution against run-time attacks.
It is built atop a recently proposed CASU -- a low-cost active Root-of-Trust (RoT) that guarantees software immutability.
arXiv Detail & Related papers (2023-09-19T07:52:43Z) - Safe RAN control: A Symbolic Reinforcement Learning Approach [62.997667081978825]
We present a Symbolic Reinforcement Learning (SRL) based architecture for safety control of Radio Access Network (RAN) applications.
We provide a purely automated procedure in which a user can specify high-level logical safety specifications for a given cellular network topology.
We introduce a user interface (UI) developed to help a user set intent specifications to the system, and inspect the difference in agent proposed actions.
arXiv Detail & Related papers (2021-06-03T16:45:40Z) - Symbolic Reinforcement Learning for Safe RAN Control [62.997667081978825]
We show a Symbolic Reinforcement Learning (SRL) architecture for safe control in Radio Access Network (RAN) applications.
In our tool, a user can select a high-level safety specifications expressed in Linear Temporal Logic (LTL) to shield an RL agent running in a given cellular network.
We demonstrate the user interface (UI) helping the user set intent specifications to the architecture and inspect the difference in allowed and blocked actions.
arXiv Detail & Related papers (2021-03-11T10:56:49Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.