C-FLAT: Control-flow attestation for embedded systems software

Proceedings of the ACM Conference on Computer and Communications Security

Volumn 24-28-October-2016, Issue , 2016, Pages 743-754

  Abera, Tigist ^a   Asokan, N ^b   Davi, Lucas ^a   Ekberg, Jan Erik ^c   Nyman, Thomas ^b,c   Paverd, Andrew ^b   Sadeghi, Ahmad Reza ^a   Tsudik, Gene ^d  

^a DARMSTADT UNIVERSITY OF TECHNOLOGY   (Germany)

^b AALTO UNIVERSITY   (Finland)

^c Trustonic   (Finland)

^d UNIVERSITY OF CALIFORNIA   (United States)

Author keywords

Control flow attacks; Embedded system security; Remote attestation

Indexed keywords

EMBEDDED SYSTEMS; MALWARE;

CONTROL FLOWS; CYBER PHYSICALS; DESIGN AND IMPLEMENTATIONS; EMBEDDED SYSTEMS SOFTWARE; PROTOTYPE IMPLEMENTATIONS; REMOTE ATTESTATION; RETURN-ORIENTED PROGRAMMING; SECURITY SERVICES;

C (PROGRAMMING LANGUAGE);

EID: 84995527905     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2976749.2978358     Document Type: Conference Paper

References (47)

1. M. Abadi, M. Budiu, U. Erlingsson, and J. Ligatti. Control-flow integrity: Principles, implementations, and applications. ACM TISSEC, 13(1), 2009.
2. T. Abera, N. Asokan, L. Davi, J. Ekberg, T. Nyman, A. Paverd, A. Sadeghi, and G. Tsudik. C-FLAT: control-flow attestation for embedded systems software. CoRR, abs/1605.07763, 2016.
3. Aleph One. Smashing the stack for fun and profit. Phrack Magazine, 49(14), 2000.
4. ARM Limited. ARM Security Technology - Building a Secure System using TrustZone Technology, 2009.
5. ARM Ltd. Procedure call standard for the ARM architecture, 2009.
6. K. A. Bailey and S. W. Smith. Trusted virtual containers on demand. In ACM-CCS-STC, 2010.
7. T. Bletsch, X. Jiang, V. W. Freeh, and Z. Liang. Jump-oriented programming: A new class of code-reuse attack. In ACM ASIACCS, 2011.
8. F. Brasser, B. El Mahjoub, A.-R. Sadeghi, C. Wachsmann, and P. Koeberl. TyTAN: Tiny Trust Anchor for Tiny Devices. In ACM/IEEE Design Automation Conference, 2015.
9. E. Buchanan, R. Roemer, H. Shacham, and S. Savage. When good instructions go bad: Generalizing return-oriented programming to RISC. In ACM CCS, 2008.
10. S. Checkoway, L. Davi, A. Dmitrienko, A.-R. Sadeghi, H. Shacham, and M. Winandy. Return-oriented programming without returns. In ACM CCS, 2010.
11. D. D. Chen, M. Egele, M. Woo, and D. Brumley. Towards automated dynamic analysis for Linux-based embedded firmware. In ISOC NDSS, 2016.
12. S. Chen, J. Xu, E. C. Sezer, P. Gauriar, and R. K. Iyer. Non-control-data attacks are realistic threats. In USENIX Security, 2005.
13. F. B. Cohen. Operating system protection through program evolution. Computer & Security, 12(6), 1993.
14. A. Costin, J. Zaddach, A. Francillon, and D. Balzarotti. A large scale analysis of the security of embedded firmwares. In USENIX Security, 2014.
15. L. Davi, A. Dmitrienko, M. Egele, T. Fischer, T. Holz, R. Hund, S. Nürnberger, and A.-R. Sadeghi. MoCFI: A framework to mitigate control-flow attacks on smartphones. In ISOC NDSS, 2012.
16. L. Davi, D. Lehmann, A.-R. Sadeghi, and F. Monrose. Stitching the gadgets: On the ineffectiveness of coarse-grained control-flow integrity protection. In USENIX Security, 2014.
17. L. Davi, A.-R. Sadeghi, and M. Winandy. Dynamic integrity measurement and attestation: towards defense against return-oriented programming attacks. In ACM CCS-STC, 2009.
18. K. Eldefrawy, G. Tsudik, A. Francillon, and D. Perito. SMART: secure and minimal architecture for (establishing dynamic) root of trust. In ISOC NDSS, 2012.
19. A. Francillon and C. Castelluccia. Code injection attacks on Harvard-architecture devices. In ACM CCS, 2008.
20. V. Haldar, D. Chandra, and M. Franz. Semantic remote attestation: A virtual machine directed approach to trusted computing. In Virtual Machine Research And Technology Symposium, 2004.
21. H. Hu, S. Shinde, S. Adrian, Z. L. Chua, P. Saxena, and Z. Liang. Data-oriented programming: On the effectiveness of non-control data attacks. In IEEE S&P, 2016.
22. C. Kil, E. Sezer, A. Azab, P. Ning, and X. Zhang. Remote attestation to dynamic system properties: Towards providing complete system integrity evidence. In IEEE/IFIP DSN, 2009.
23. P. Kocher, R. Lee, G. McGraw, and A. Raghunathan. Security as a new dimension in embedded system design. In ACM/IEEE Design Automation Conference, 2004.
24. P. Koeberl, S. Schulz, A.-R. Sadeghi, and V. Varadharajan. TrustLite: A security architecture for tiny embedded devices. In ACM SIGOPS EuroSys, 2014.
25. T. Kornau. Return oriented programming for the ARM architecture. Master's thesis, Ruhr-University Bochum, 2009.
26. V. Kuznetsov, L. Szekeres, M. Payer, G. Candea, R. Sekar, and D. Song. Code-pointer integrity. In USENIX OSDI, 2014.
27. P. Larsen, A. Homescu, S. Brunthaler, and M. Franz. SoK: Automated software diversity. In IEEE S&P, 2014.
28. Y. Li, J. M. McCune, and A. Perrig. VIPER: Verifying the Integrity of PERipherals' Firmware. In ACM CCS, 2011.
29. J. M. McCune, Y. Li, N. Qu, Z. Zhou, A. Datta, V. Gligor, and A. Perrig. TrustVisor: Efficient TCB reduction and attestation. In IEEE S&P, 2010.
30. J. M. McCune, B. J. Parno, A. Perrig, M. K. Reiter, and H. Isozaki. Flicker: An execution infrastructure for TCB minimization. In ACM SIGOPS EuroSys, 2008.
31. Microsoft. Data execution prevention (DEP), 2006.
32. J. Noorman, P. Agten, W. Daniels, R. Strackx, A. V. Herrewege, C. Huygens, B. Preneel, I. Verbauwhede, and F. Piessens. Sancus: Low-cost trustworthy extensible networked devices with a zero-software trusted computing base. In USENIX Security, 2013.
33. M. Paolino, A. Rigo, A. Spyridakis, J. Fanguède, P. Lalov, and D. Raho. T-KVM: A trusted architecture for KVM ARM v7 and v8 virtual machines. In IARIA Cloud Computing, 2015.
34. R. Roemer, E. Buchanan, H. Shacham, and S. Savage. Return-oriented programming: Systems, languages, and applications. ACM TISSEC, 15(1):2:1-2:34, 2012.
35. A.-R. Sadeghi and C. Stüble. Property-based attestation for computing platforms: Caring about properties, not mechanisms. In NSPW, 2004.
36. F. Schuster, T. Tendyck, C. Liebchen, L. Davi, A.-R. Sadeghi, and T. Holz. Counterfeit object-oriented programming: On the difficulty of preventing code reuse attacks in C++ applications. In IEEE S&P, 2015.
37. A. Seshadri, M. Luk, E. Shi, A. Perrig, L. van Doorn, and P. Khosla. Pioneer: Verifying Code Integrity and Enforcing Untampered Code Execution on Legacy Systems. In ACM SIGOPS Operating Systems Review, 2005.
38. A. Seshadri, A. Perrig, L. van Doorn, and P. Khosla. SWATT: Software-based attestation for embedded devices. In IEEE S&P, 2004.
39. H. Shacham. The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86). In ACM CCS, 2007.
40. K. Z. Snow, F. Monrose, L. Davi, A. Dmitrienko, C. Liebchen, and A.-R. Sadeghi. Just-in-time code reuse: On the effectiveness of fine-grained address space layout randomization. In IEEE S&P, 2013.
41. Solar Designer. lpr LIBC RETURN exploit, 1997.
42. L. Szekeres, M. Payer, T. Wei, and D. Song. Sok: Eternal war in memory. In IEEE S&P, 2013.
43. C. Tice, T. Roeder, P. Collingbourne, S. Checkoway, Ú. Erlingsson, L. Lozano, and G. Pike. Enforcing forward-edge control-flow integrity in GCC & LLVM. In USENIX Security, 2014.
44. J. Viega and H. Thompson. The state of embedded-device security (spoiler alert: It's bad). IEEE Security & Privacy, 10(5):68-70, 2012.
45. B. Wijnen, E. J. Hunt, G. C. Anzalone, and J. M. Pearce. Open-source syringe pump library. PloS one, 9(9):e107216, jan 2014.
46. J. Yiu. ARMv8-M architecture technical overview. https://community.arm.com/docs/DOC-10896, 2015.
47. M. Zhang and R. Sekar. Control flow integrity for COTS binaries. In USENIX Security, 2013.