Efficient Control Flow Attestation by Speculating on Control Flow Path Representations

• URL: http://arxiv.org/abs/2507.12345v1
• Date: Wed, 16 Jul 2025 15:38:58 GMT
• Title: Efficient Control Flow Attestation by Speculating on Control Flow Path Representations
• Authors: Liam Tyler, Adam Caulfield, Ivan De Oliveira Nunes,
• Abstract summary: Control Flow CF (CFA) allows remote verification of run-time software integrity in embedded systems.<n>Recent work has proposed application-specific optimizations by speculating on likely sub-paths inlog and replacing them with reserved symbols at runtime.<n>This work proposes RESPEC-CFA, an architectural extension for CFA allowing for speculation on (1) the locality of control flows and (2) their Huffman encoding.
• Score: 6.210224116507288
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Control Flow Attestation (CFA) allows remote verification of run-time software integrity in embedded systems. However, CFA is limited by the storage/transmission costs of generated control flow logs (CFlog). Recent work has proposed application-specific optimizations by speculating on likely sub-paths in CFlog and replacing them with reserved symbols at runtime. Albeit effective, prior approaches do not consider the representation of addresses in a control flow path for speculation. This work proposes RESPEC-CFA, an architectural extension for CFA allowing for speculation on (1) the locality of control flows and (2) their Huffman encoding. Alone, RESPEC-CFA reduces CFlog sizes by up to 90.1%. Combined with prior methods, RESPEC-CFA yields reductions of up to 99.7%, representing a significant step toward practical CFA.

Related papers

• Is Less More? Exploring Token Condensation as Training-free Test-time Adaptation [43.09801987385207]
  Contrastive Language-Image Pretraining (CLIP) excels at learning generalizable image representations but often falls short in zero-shot inference on certain datasets.<n>Test-time adaptation (TTA) mitigates this issue by adjusting components like normalization layers or context prompts, yet it typically requires large batch sizes and extensive augmentations.<n>We propose Token Condensation as Adaptation (TCA), a training-free adaptation method that takes a step beyond standard TC.
  arXiv  Detail & Related papers  (2024-10-16T07:13:35Z)
• TRACES: TEE-based Runtime Auditing for Commodity Embedded Systems [9.32090482996659]
  Control Flow Auditing (CFA) offers a means to detect control flow hijacking attacks on remote devices. CFA generates a trace (CFLog) containing the destination of all branching instructions executed. TraCES guarantees reliable delivery of periodic runtime reports even when Prv is compromised.
  arXiv  Detail & Related papers  (2024-09-27T20:10:43Z)
• SpecCFA: Enhancing Control Flow Attestation/Auditing via Application-Aware Sub-Path Speculation [6.210224116507288]
  We propose SpecCFA: an approach for dynamic sub-path speculation in CFA. SpecCFA significantly lowers storage/performance costs that are critical to resource-constrained MCUs.
  arXiv  Detail & Related papers  (2024-09-27T02:39:55Z)
• A Comparative Study of Artificial Potential Fields and Reciprocal Control Barrier Function-based Safety Filters [10.525846641815788]
  We show that controllers designed by artificial potential fields (APFs) can be derived from reciprocal control barrier function quadratic program (RCBF-QP) safety filters.<n>We further generalize the APF-based controllers to more general scenarios without restricting the choice of auxiliary functions.
  arXiv  Detail & Related papers  (2024-03-23T07:14:27Z)
• One for All and All for One: GNN-based Control-Flow Attestation for Embedded Devices [16.425360892610986]
  Control-Flow (CFA) is a security service that allows an entity (verifier) to verify the integrity of code execution on a remote computer system. Existing CFA schemes suffer from impractical assumptions, such as requiring access to the prover's internal state. We introduce RAGE, a novel, lightweight CFA approach with minimal requirements.
  arXiv  Detail & Related papers  (2024-03-12T10:00:06Z)
• Safe Neural Control for Non-Affine Control Systems with Differentiable Control Barrier Functions [58.19198103790931]
  This paper addresses the problem of safety-critical control for non-affine control systems. It has been shown that optimizing quadratic costs subject to state and control constraints can be sub-optimally reduced to a sequence of quadratic programs (QPs) by using Control Barrier Functions (CBFs) We incorporate higher-order CBFs into neural ordinary differential equation-based learning models as differentiable CBFs to guarantee safety for non-affine control systems.
  arXiv  Detail & Related papers  (2023-09-06T05:35:48Z)
• Value Functions are Control Barrier Functions: Verification of Safe Policies using Control Theory [46.85103495283037]
  We propose a new approach to apply verification methods from control theory to learned value functions. We formalize original theorems that establish links between value functions and control barrier functions. Our work marks a significant step towards a formal framework for the general, scalable, and verifiable design of RL-based control systems.
  arXiv  Detail & Related papers  (2023-06-06T21:41:31Z)
• Bayes risk CTC: Controllable CTC alignment in Sequence-to-Sequence tasks [63.189632935619535]
  Bayes risk CTC (BRCTC) is proposed to enforce the desired characteristics of the predicted alignment. By using BRCTC with another preference for early emissions, we obtain an improved performance-latency trade-off for online models.
  arXiv  Detail & Related papers  (2022-10-14T03:55:36Z)
• Safe RAN control: A Symbolic Reinforcement Learning Approach [62.997667081978825]
  We present a Symbolic Reinforcement Learning (SRL) based architecture for safety control of Radio Access Network (RAN) applications. We provide a purely automated procedure in which a user can specify high-level logical safety specifications for a given cellular network topology. We introduce a user interface (UI) developed to help a user set intent specifications to the system, and inspect the difference in agent proposed actions.
  arXiv  Detail & Related papers  (2021-06-03T16:45:40Z)
• Improved Mask-CTC for Non-Autoregressive End-to-End ASR [49.192579824582694]
  Recently proposed end-to-end ASR system based on mask-predict with connectionist temporal classification (CTC) We propose to enhance the network architecture by employing a recently proposed architecture called Conformer. Next, we propose new training and decoding methods by introducing auxiliary objective to predict the length of a partial target sequence.
  arXiv  Detail & Related papers  (2020-10-26T01:22:35Z)
• Enabling certification of verification-agnostic networks via memory-efficient semidefinite programming [97.40955121478716]
  We propose a first-order dual SDP algorithm that requires memory only linear in the total number of network activations. We significantly improve L-inf verified robust accuracy from 1% to 88% and 6% to 40% respectively. We also demonstrate tight verification of a quadratic stability specification for the decoder of a variational autoencoder.
  arXiv  Detail & Related papers  (2020-10-22T12:32:29Z)
• Certified Reinforcement Learning with Logic Guidance [78.2286146954051]
  We propose a model-free RL algorithm that enables the use of Linear Temporal Logic (LTL) to formulate a goal for unknown continuous-state/action Markov Decision Processes (MDPs) The algorithm is guaranteed to synthesise a control policy whose traces satisfy the specification with maximal probability.
  arXiv  Detail & Related papers  (2019-02-02T20:09:32Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.