SpecCFA: Enhancing Control Flow Attestation/Auditing via Application-Aware Sub-Path Speculation
- URL: http://arxiv.org/abs/2409.18403v1
- Date: Fri, 27 Sep 2024 02:39:55 GMT
- Title: SpecCFA: Enhancing Control Flow Attestation/Auditing via Application-Aware Sub-Path Speculation
- Authors: Adam Caulfield, Liam Tyler, Ivan De Oliveira Nunes,
- Abstract summary: We propose SpecCFA: an approach for dynamic sub-path speculation in CFA.
SpecCFA significantly lowers storage/performance costs that are critical to resource-constrained MCUs.
- Score: 6.210224116507288
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: At the edge of modern cyber-physical systems, Micro-Controller Units (MCUs) are responsible for safety-critical sensing/actuation. However, MCU cost constraints rule out the usual security mechanisms of general-purpose computers. Thus, various low-cost security architectures have been proposed to remotely verify MCU software integrity. Control Flow Attestation (CFA) enables a Verifier (Vrf) to remotely assess the run-time behavior of a prover MCU (Prv), generating an authenticated trace of all of Prv control flow transfers (CFLog). Further, Control Flow Auditing architectures augment CFA by guaranteeing the delivery of evidence to Vrf. Unfortunately, a limitation of existing CFA lies in the cost to store and transmit CFLog, as even simple MCU software may generate large traces. Given these issues, prior work has proposed static (context-insensitive) optimizations. However, they do not support configurable program-specific optimizations. In this work, we note that programs may produce unique predictable control flow sub-paths and argue that program-specific predictability can be leveraged to dynamically optimize CFA while retaining all security guarantees. Therefore, we propose SpecCFA: an approach for dynamic sub-path speculation in CFA. SpecCFA allows Vrf to securely speculate on likely control flow sub-paths for each attested program. At run-time, when a sub-path in CFLog matches a pre-defined speculation, the entire sub-path is replaced by a reserved symbol. SpecCFA can speculate on multiple variable-length control flow sub-paths simultaneously. We implement SpecCFA atop two open-source control flow auditing architectures: one based on a custom hardware design and one based on a commodity Trusted Execution Environment (ARM TrustZone-M). In both cases, SpecCFA significantly lowers storage/performance costs that are critical to resource-constrained MCUs.
Related papers
- TRACES: TEE-based Runtime Auditing for Commodity Embedded Systems [9.32090482996659]
Control Flow Auditing (CFA) offers a means to detect control flow hijacking attacks on remote devices.
CFA generates a trace (CFLog) containing the destination of all branching instructions executed.
TraCES guarantees reliable delivery of periodic runtime reports even when Prv is compromised.
arXiv Detail & Related papers (2024-09-27T20:10:43Z) - One for All and All for One: GNN-based Control-Flow Attestation for
Embedded Devices [16.425360892610986]
Control-Flow (CFA) is a security service that allows an entity (verifier) to verify the integrity of code execution on a remote computer system.
Existing CFA schemes suffer from impractical assumptions, such as requiring access to the prover's internal state.
We introduce RAGE, a novel, lightweight CFA approach with minimal requirements.
arXiv Detail & Related papers (2024-03-12T10:00:06Z) - TitanCFI: Toward Enforcing Control-Flow Integrity in the Root-of-Trust [4.444373990868152]
TitanCFI modifies the commit stage of a protected core to stream control flow instructions to the RoT.
It avoids the design of custom IPs and the modification of the compilation toolchain.
It exploits the RoT tamper-proof storage and cryptographic accelerators to secure metadata.
arXiv Detail & Related papers (2024-01-04T22:58:33Z) - Secure Instruction and Data-Level Information Flow Tracking Model for RISC-V [0.0]
Unauthorized access, fault injection, and privacy invasion are potential threats from untrusted actors.
We propose an integrated Information Flow Tracking (IFT) technique to enable runtime security to protect system integrity.
This study proposes a multi-level IFT model that integrates a hardware-based IFT technique with a gate-level-based IFT (GLIFT) technique.
arXiv Detail & Related papers (2023-11-17T02:04:07Z) - Poster: Control-Flow Integrity in Low-end Embedded Devices [12.193184827858326]
This work constructs an architecture that ensures integrity of software execution against run-time attacks.
It is built atop a recently proposed CASU -- a low-cost active Root-of-Trust (RoT) that guarantees software immutability.
arXiv Detail & Related papers (2023-09-19T07:52:43Z) - A General Framework for Verification and Control of Dynamical Models via Certificate Synthesis [54.959571890098786]
We provide a framework to encode system specifications and define corresponding certificates.
We present an automated approach to formally synthesise controllers and certificates.
Our approach contributes to the broad field of safe learning for control, exploiting the flexibility of neural networks.
arXiv Detail & Related papers (2023-09-12T09:37:26Z) - Actor-Critic based Improper Reinforcement Learning [61.430513757337486]
We consider an improper reinforcement learning setting where a learner is given $M$ base controllers for an unknown Markov decision process.
We propose two algorithms: (1) a Policy Gradient-based approach; and (2) an algorithm that can switch between a simple Actor-Critic scheme and a Natural Actor-Critic scheme.
arXiv Detail & Related papers (2022-07-19T05:55:02Z) - Pointwise Feasibility of Gaussian Process-based Safety-Critical Control
under Model Uncertainty [77.18483084440182]
Control Barrier Functions (CBFs) and Control Lyapunov Functions (CLFs) are popular tools for enforcing safety and stability of a controlled system, respectively.
We present a Gaussian Process (GP)-based approach to tackle the problem of model uncertainty in safety-critical controllers that use CBFs and CLFs.
arXiv Detail & Related papers (2021-06-13T23:08:49Z) - Safe RAN control: A Symbolic Reinforcement Learning Approach [62.997667081978825]
We present a Symbolic Reinforcement Learning (SRL) based architecture for safety control of Radio Access Network (RAN) applications.
We provide a purely automated procedure in which a user can specify high-level logical safety specifications for a given cellular network topology.
We introduce a user interface (UI) developed to help a user set intent specifications to the system, and inspect the difference in agent proposed actions.
arXiv Detail & Related papers (2021-06-03T16:45:40Z) - Security Limitations of Classical-Client Delegated Quantum Computing [54.28005879611532]
A client remotely prepares a quantum state using a classical channel.
Privacy loss incurred by employing $RSP_CC$ as a sub-module is unclear.
We show that a specific $RSP_CC$ protocol can replace the quantum channel at least in some contexts.
arXiv Detail & Related papers (2020-07-03T13:15:13Z) - Certified Reinforcement Learning with Logic Guidance [78.2286146954051]
We propose a model-free RL algorithm that enables the use of Linear Temporal Logic (LTL) to formulate a goal for unknown continuous-state/action Markov Decision Processes (MDPs)
The algorithm is guaranteed to synthesise a control policy whose traces satisfy the specification with maximal probability.
arXiv Detail & Related papers (2019-02-02T20:09:32Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.