DOI: 10.1145/2976749.2978358

C-FLAT: Control-Flow Attestation for Embedded Systems Software

Published: 24 October 2016

Abstract

Remote attestation is a crucial security service particularly relevant to increasingly popular IoT (and other embedded) devices. It allows a trusted party (verifier) to learn the state of a remote, and potentially malware-infected, device (prover). Most existing approaches are static in nature and only check whether benign software is initially loaded on the prover. However, they are vulnerable to runtime attacks that hijack the application's control or data flow, e.g., via return-oriented programming or data-oriented exploits. As a concrete step towards more comprehensive runtime remote attestation, we present the design and implementation of Control-FLow ATtestation (C-FLAT) that enables remote attestation of an application's control-flow path, without requiring the source code. We describe a full prototype implementation of C-FLAT on Raspberry Pi using its ARM TrustZone hardware security extensions. We evaluate C-FLAT's performance using a real-world embedded (cyber-physical) application, and demonstrate its efficacy against control-flow hijacking attacks.
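The following is an added illustration of the attestation idea the abstract describes, not code from the paper or from the C-FLAT prototype (which measures control-flow events inside ARM TrustZone on a Raspberry Pi). The toy program, its control-flow graph, the block names, the hash-chain construction and the shared attestation key are all assumptions made for the example. The prover folds every executed basic block into a running hash and binds the result to the verifier's nonce; the verifier precomputes the measurements of all paths the control-flow graph permits and rejects anything else, so a return hijacked into a gadget block produces a measurement that is not in the allowed set.

```python
"""Toy model of control-flow attestation.

Constructed example for illustration; it is not the C-FLAT implementation
from the paper.  The program, its CFG, the hash chain and the key handling
below are assumptions.
"""
import hashlib
import hmac
import os
from typing import Dict, FrozenSet, List, Set

# Assumed control-flow graph of a small "dispense" routine, keyed by
# basic-block id.  Each node lists the successors the compiler emitted.
CFG: Dict[str, List[str]] = {
    "entry":     ["check_len"],
    "check_len": ["copy", "reject"],   # bounds check: ok -> copy, else -> reject
    "copy":      ["dispense"],
    "dispense":  ["exit"],
    "reject":    ["exit"],
    "exit":      [],
}
ENTRY, EXIT = "entry", "exit"

# Assumed long-term attestation key.  In the paper's setting the key and the
# measurement logic live in the secure world; here it is a module constant
# shared by the prover and the verifier.
ATTEST_KEY = bytes(range(32))


def measure_path(path: List[str]) -> bytes:
    """Prover: fold every control-flow transfer into a running hash.

    H_0 = 0^32, H_i = SHA-256(H_{i-1} || node_i).  The final value depends on
    the exact sequence of blocks executed, so one unexpected transfer
    changes it.
    """
    h = bytes(32)
    for node in path:
        h = hashlib.sha256(h + node.encode()).digest()
    return h


def attest(path: List[str], nonce: bytes) -> Dict[str, bytes]:
    """Prover: build the report for the verifier's challenge.

    The MAC binds the measurement to this nonce, so a report captured from
    an earlier, benign run cannot be replayed against a fresh challenge.
    """
    h = measure_path(path)
    tag = hmac.new(ATTEST_KEY, nonce + h, hashlib.sha256).digest()
    return {"nonce": nonce, "hash": h, "mac": tag}


def valid_path_hashes(cfg: Dict[str, List[str]], entry: str, exit_: str) -> FrozenSet[bytes]:
    """Verifier (offline): enumerate every simple entry->exit path in the CFG
    and precompute its measurement.  Only loop-free paths are handled here."""
    allowed: Set[bytes] = set()

    def walk(node: str, path: List[str]) -> None:
        if node == exit_:
            allowed.add(measure_path(path))
            return
        for succ in cfg[node]:
            if succ not in path:          # simple paths only
                walk(succ, path + [succ])

    walk(entry, [entry])
    return frozenset(allowed)


ALLOWED = valid_path_hashes(CFG, ENTRY, EXIT)


def verify(report: Dict[str, bytes], expected_nonce: bytes, allowed: FrozenSet[bytes]) -> bool:
    """Verifier (online): check freshness and the MAC before trusting the
    measurement, then check that the reported path is one the CFG permits."""
    if report["nonce"] != expected_nonce:
        return False
    tag = hmac.new(ATTEST_KEY, expected_nonce + report["hash"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, report["mac"]):
        return False
    return report["hash"] in allowed


# Constructed traces.  The second one models a return hijacked into a block
# ("gadget") that is not a successor of "copy" in the CFG.
BENIGN_PATH = ["entry", "check_len", "copy", "dispense", "exit"]
HIJACKED_PATH = ["entry", "check_len", "copy", "gadget", "dispense", "exit"]


def demo() -> Dict[str, bool]:
    """Run one benign, one hijacked and one replayed attestation."""
    nonce = os.urandom(16)
    good = verify(attest(BENIGN_PATH, nonce), nonce, ALLOWED)
    bad = verify(attest(HIJACKED_PATH, nonce), nonce, ALLOWED)
    stale = verify(attest(BENIGN_PATH, nonce), os.urandom(16), ALLOWED)
    return {"benign": good, "hijacked": bad, "replayed": stale}


if __name__ == "__main__":
    print(demo())  # {'benign': True, 'hijacked': False, 'replayed': False}
```

Two limits of this model are worth keeping in mind. A data-only attack that forces execution down a path the CFG already permits (for example, taking the "reject" edge when the input should have been accepted) yields a measurement in the allowed set, so a verifier that only checks set membership needs additional knowledge of which path the given inputs should have produced. Enumerating all simple paths also does not scale to loops or large graphs; the model above leaves that problem out rather than attempting the loop handling a real design needs.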



      Published In

      CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security
      October 2016
      1924 pages
      ISBN: 9781450341394
      DOI: 10.1145/2976749

      Publisher

      Association for Computing Machinery, New York, NY, United States

      Author Tags

      1. control-flow attacks
      2. embedded system security
      3. remote attestation

      Conference

      CCS'16

      Acceptance Rates

      CCS '16 paper acceptance rate: 137 of 831 submissions (16%)
      Overall acceptance rate: 1,261 of 6,999 submissions (18%)

      Cited By

      • (2025) Fusion of Blockchain and Machine Learning: A Case of Secure Smart Grid. In: Navigating the Internet of Things in the 22nd Century - Concepts, Applications, and Innovations. DOI 10.5772/intechopen.1008459. Published 3 Feb 2025.
      • (2025) InvisiGuard: Data Integrity for Microcontroller-Based Devices via Hardware-Triggered Write Monitoring. IEEE Transactions on Dependable and Secure Computing 22(1):343-358. DOI 10.1109/TDSC.2024.3399068. Published Jan 2025.
      • (2025) TM-Chain: TCB Measurement Management Using Cloud Blockchain for IoT Devices. IEEE Access 13:8941-8950. DOI 10.1109/ACCESS.2025.3525807. Published 2025.
      • (2025) Control-flow attestation: Concepts, solutions, and open challenges. Computers & Security 150:104254. DOI 10.1016/j.cose.2024.104254. Published Mar 2025.
      • (2025) Remote Attestation in IoT Devices. Encyclopedia of Cryptography, Security and Privacy, pp. 2089-2092. DOI 10.1007/978-3-030-71522-9_1782. Published 8 Jan 2025.
      • (2024) Orbital Shield: Rethinking Satellite Security in the Commercial Off-the-Shelf Era. 2024 Security for Space Systems (3S), pp. 1-11. DOI 10.23919/3S60530.2024.10592292. Published 27 May 2024.
      • (2024) An efficient algorithm for data transmission certainty in IIoT sensing network: A priority-based approach. PLOS ONE 19(7):e0305092. DOI 10.1371/journal.pone.0305092. Published 17 Jul 2024.
      • (2024) EmbedWatch: Fat Pointer Solution for Detecting Spatial Memory Errors in Embedded Systems. Proceedings of the Sixth Workshop on CPS&IoT Security and Privacy, pp. 55-67. DOI 10.1145/3690134.3694815. Published 19 Nov 2024.
      • (2024) Evidence Tampering and Chain of Custody in Layered Attestations. Proceedings of the 26th International Symposium on Principles and Practice of Declarative Programming, pp. 1-11. DOI 10.1145/3678232.3678244. Published 9 Sep 2024.
      • (2024) Bitmap-Based Security Monitoring for Deeply Embedded Systems. ACM Transactions on Software Engineering and Methodology 33(7):1-31. DOI 10.1145/3672460. Published 18 Jun 2024.