Efficient Control Flow Attestation by Speculating on Control Flow Path Representations
- URL: http://arxiv.org/abs/2507.12345v1
- Date: Wed, 16 Jul 2025 15:38:58 GMT
- Title: Efficient Control Flow Attestation by Speculating on Control Flow Path Representations
- Authors: Liam Tyler, Adam Caulfield, Ivan De Oliveira Nunes
- Abstract summary: Control Flow Attestation (CFA) allows remote verification of run-time software integrity in embedded systems. Recent work has proposed application-specific optimizations by speculating on likely sub-paths in CFlog and replacing them with reserved symbols at runtime. This work proposes RESPEC-CFA, an architectural extension for CFA allowing for speculation on (1) the locality of control flows and (2) their Huffman encoding.
- Score: 6.210224116507288
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Control Flow Attestation (CFA) allows remote verification of run-time software integrity in embedded systems. However, CFA is limited by the storage/transmission costs of generated control flow logs (CFlog). Recent work has proposed application-specific optimizations by speculating on likely sub-paths in CFlog and replacing them with reserved symbols at runtime. Albeit effective, prior approaches do not consider the representation of addresses in a control flow path for speculation. This work proposes RESPEC-CFA, an architectural extension for CFA allowing for speculation on (1) the locality of control flows and (2) their Huffman encoding. Alone, RESPEC-CFA reduces CFlog sizes by up to 90.1%. Combined with prior methods, RESPEC-CFA yields reductions of up to 99.7%, representing a significant step toward practical CFA.
Related papers
- Boosting Device Utilization in Control Flow Auditing [47.36491265793223]
Control Flow Auditing (CFAud) is a mechanism wherein a remote verifier (Vrf) is guaranteed to receive evidence about the control flow path taken on a prover (Prv) MCU, even when Prv software is compromised. Current CFAud requires a "busy-wait" phase where a hardware-anchored root-of-trust (RoT) in Prv retains execution to ensure delivery of control flow evidence to Vrf. CARAMEL is a hardware RoT co-design that enables Prv to resume while control flow evidence is transmitted to Vrf.
arXiv Detail & Related papers (2026-03-02T18:26:17Z)
- Plug-and-Play Benchmarking of Reinforcement Learning Algorithms for Large-Scale Flow Control [61.155940786140455]
Reinforcement learning (RL) has shown promising results in active flow control (AFC). Current AFC benchmarks rely on external computational fluid dynamics (CFD) solvers, are not fully differentiable, and provide limited 3D and multi-agent support. We introduce FluidGym, the first standalone, fully differentiable benchmark suite for RL in AFC.
arXiv Detail & Related papers (2026-01-21T14:13:44Z)
- Controllable LLM Reasoning via Sparse Autoencoder-Based Steering [66.36947132041657]
Large Reasoning Models (LRMs) exhibit human-like cognitive reasoning strategies. Currently, reasoning strategies are autonomously selected by LRMs themselves. Existing methods struggle to control fine-grained reasoning strategies due to conceptual entanglement in LRMs' hidden states.
arXiv Detail & Related papers (2026-01-07T05:26:26Z)
- CFIghter: Automated Control-Flow Integrity Enablement and Evaluation for Legacy C/C++ Systems [42.67508633071825]
Control-Flow Integrity (CFI) offers strong forward-edge protection but remains challenging to deploy in large C/C++ software. We present CFIghter, the first fully automated system that enables strict, type-based CFI in real-world projects.
arXiv Detail & Related papers (2025-12-27T20:38:08Z)
- A Practical Guideline and Taxonomy to LLVM's Control Flow Integrity [40.46280139210502]
Control Flow Integrity (CFI) has gained traction to mitigate this exploitation path. We establish a taxonomy mapping LLVM's forward-edge CFI variants to memory corruption vulnerability classes.
arXiv Detail & Related papers (2025-08-21T09:23:24Z)
- Is Less More? Exploring Token Condensation as Training-free Test-time Adaptation [43.09801987385207]
Contrastive Language-Image Pretraining (CLIP) excels at learning generalizable image representations but often falls short in zero-shot inference on certain datasets. Test-time adaptation (TTA) mitigates this issue by adjusting components like normalization layers or context prompts, yet it typically requires large batch sizes and extensive augmentations. We propose Token Condensation as Adaptation (TCA), a training-free adaptation method that takes a step beyond standard TC.
arXiv Detail & Related papers (2024-10-16T07:13:35Z)
- TRACES: TEE-based Runtime Auditing for Commodity Embedded Systems [9.32090482996659]
Control Flow Auditing (CFA) offers a means to detect control flow hijacking attacks on remote devices.
CFA generates a trace (CFLog) containing the destination of all branching instructions executed.
TraCES guarantees reliable delivery of periodic runtime reports even when Prv is compromised.
arXiv Detail & Related papers (2024-09-27T20:10:43Z)
- SpecCFA: Enhancing Control Flow Attestation/Auditing via Application-Aware Sub-Path Speculation [6.210224116507288]
We propose SpecCFA: an approach for dynamic sub-path speculation in CFA.
SpecCFA significantly lowers storage/performance costs that are critical to resource-constrained MCUs.
arXiv Detail & Related papers (2024-09-27T02:39:55Z)
- A Comparative Study of Artificial Potential Fields and Reciprocal Control Barrier Function-based Safety Filters [10.525846641815788]
We show that controllers designed by artificial potential fields (APFs) can be derived from reciprocal control barrier function quadratic program (RCBF-QP) safety filters. We further generalize the APF-based controllers to more general scenarios without restricting the choice of auxiliary functions.
arXiv Detail & Related papers (2024-03-23T07:14:27Z)
- One for All and All for One: GNN-based Control-Flow Attestation for Embedded Devices [16.425360892610986]
Control-Flow Attestation (CFA) is a security service that allows an entity (verifier) to verify the integrity of code execution on a remote computer system.
Existing CFA schemes suffer from impractical assumptions, such as requiring access to the prover's internal state.
We introduce RAGE, a novel, lightweight CFA approach with minimal requirements.
arXiv Detail & Related papers (2024-03-12T10:00:06Z)
- Safe Neural Control for Non-Affine Control Systems with Differentiable Control Barrier Functions [58.19198103790931]
This paper addresses the problem of safety-critical control for non-affine control systems.
It has been shown that optimizing quadratic costs subject to state and control constraints can be sub-optimally reduced to a sequence of quadratic programs (QPs) by using Control Barrier Functions (CBFs).
We incorporate higher-order CBFs into neural ordinary differential equation-based learning models as differentiable CBFs to guarantee safety for non-affine control systems.
arXiv Detail & Related papers (2023-09-06T05:35:48Z)
- Value Functions are Control Barrier Functions: Verification of Safe Policies using Control Theory [46.85103495283037]
We propose a new approach to apply verification methods from control theory to learned value functions.
We formalize original theorems that establish links between value functions and control barrier functions.
Our work marks a significant step towards a formal framework for the general, scalable, and verifiable design of RL-based control systems.
arXiv Detail & Related papers (2023-06-06T21:41:31Z)
- Bayes risk CTC: Controllable CTC alignment in Sequence-to-Sequence tasks [63.189632935619535]
Bayes risk CTC (BRCTC) is proposed to enforce the desired characteristics of the predicted alignment.
By using BRCTC with another preference for early emissions, we obtain an improved performance-latency trade-off for online models.
arXiv Detail & Related papers (2022-10-14T03:55:36Z)
- Safe RAN control: A Symbolic Reinforcement Learning Approach [62.997667081978825]
We present a Symbolic Reinforcement Learning (SRL) based architecture for safety control of Radio Access Network (RAN) applications.
We provide a purely automated procedure in which a user can specify high-level logical safety specifications for a given cellular network topology.
We introduce a user interface (UI) developed to help a user set intent specifications to the system, and inspect the difference in agent proposed actions.
arXiv Detail & Related papers (2021-06-03T16:45:40Z)
- Improved Mask-CTC for Non-Autoregressive End-to-End ASR [49.192579824582694]
Recently proposed end-to-end ASR system based on mask-predict with connectionist temporal classification (CTC)
We propose to enhance the network architecture by employing a recently proposed architecture called Conformer.
Next, we propose new training and decoding methods by introducing auxiliary objective to predict the length of a partial target sequence.
arXiv Detail & Related papers (2020-10-26T01:22:35Z)
- Enabling certification of verification-agnostic networks via memory-efficient semidefinite programming [97.40955121478716]
We propose a first-order dual SDP algorithm that requires memory only linear in the total number of network activations.
We significantly improve L-inf verified robust accuracy from 1% to 88% and 6% to 40% respectively.
We also demonstrate tight verification of a quadratic stability specification for the decoder of a variational autoencoder.
arXiv Detail & Related papers (2020-10-22T12:32:29Z)
- Certified Reinforcement Learning with Logic Guidance [78.2286146954051]
We propose a model-free RL algorithm that enables the use of Linear Temporal Logic (LTL) to formulate a goal for unknown continuous-state/action Markov Decision Processes (MDPs)
The algorithm is guaranteed to synthesise a control policy whose traces satisfy the specification with maximal probability.
arXiv Detail & Related papers (2019-02-02T20:09:32Z)
This list is automatically generated from the titles and abstracts of the papers in this site.