Seminars

View all Seminars  |  Download ICal for this event

Whole-Program and Non-Bare-Metal Control-Flow Attestation

Series: Ph.D. Colloquium

Speaker: Nikita Yadav, Ph.D. (Engg) student, Dept. of CSA

Date/Time: Jun 23 14:30:00

Location: CSA Auditorium, (Room No. 104, Ground Floor)

Faculty Advisor: Prof. Vinod Ganapathy

Abstract:
Control-Flow Attestation (CFA) is a technique for verifying the integrity of program execution by attesting to its control-flow path. It is particularly useful for auditing execution, allowing one to prove that a program ran as expected or to perform a post-mortem analysis when execution deviates from expected behavior. Since its introduction in 2016, CFA has primarily been applied in the embedded systems domain. CFA techniques work by instrumenting the prover program to collect runtime control-flow path measurements, which are committed to a Trusted Execution Environment (TEE), such as the secure world of an ARM TrustZone-enabled processor. These measurements are signed by the TEE and later verified by a trusted verifier, who checks whether the program followed the expected path for a given input. However, two key challenges hinder the practical deployment of CFA: (1) scaling to whole-program execution, and (2) supporting complex environments beyond bare-metal systems, i.e., non-bare-metal settings where the prover program runs atop an operating system (OS). Existing CFA approaches often incur prohibitive runtime overhead when applied to entire programs and fail to remain secure in non-bare-metal environments due to potential OS-level adversaries. In this research, we addressed these limitations by answering two key questions: (1) What causes the high runtime overhead in existing CFA systems, and how can it be reduced? (2) How can CFA be made secure in non-bare-metal settings where the OS-level adversaries may compromise the system? Our first contribution is a system called BLAST. We showed that the performance bottleneck stems from the sub-optimal way that prior approaches instrument the prover program to measure the control-flow path taken, and that this approach fundamentally does not scale to attestation of whole programs. BLAST incorporated several new ideas to scale CFA to whole programs and reduced the runtime overhead. It reduced the number of TEE transitions that are used by prior approaches to record path attestation measurements. It did so using local logging, i.e., it stored measurements generated by the instrumentation in a protected log within the programs address space. We further optimized the instrumentation by adapting the idea of Ball-Larus numbering from the program profiling literature for CFA. Using the Ball-Larus numbering approach, we reduced instrumentation encountered at runtime compared to prior approaches. Our work brought whole-program CFA to the realm of feasibility. On a set of embedded benchmarks (Embench-IOT), it was able to attest whole-program control-flow paths while imposing an average runtime overhead of 67%, which is two orders of magnitude faster than pr ior approaches. Our second contribution is SULFUR, a system architecture to enable robust CFA of user-space programs in non-bare-metal environments. Robustness here means that the control-flow trace reflects the actual execution, even in the presence of a powerful OS-level adversary. We achieved this goal via a co-developed OS, SulfurOS, which runs in the Rich Execution Environment (REE) and enforces critical protections on both kernel and user-space components of CFA. This hardened REE preserves the environmental assumptions required for CFA to remain trustworthy. As a result, SULFUR can robustly attest to the control-flow of user-space prover programs even when the OS is not trusted. Our evaluation shows that SULFUR imposes only minimal additional overhead beyond existing CFA systems.