Proceedings of the 41st Annual Computer Security Applications Symposium (ACSAC 2025); pages TBD; Honolulu, Hawaii, USA December 8-12, 2025.
Control-flow attestation (CFA) allows a verifier 𝒱 to obtain fine-grained measurements of a program 𝒫 executing on a remote computing platform. This CFA measurement allows 𝒱 to precisely audit the program path followed within 𝒫 as it executes an input ℐ. However, CFA measurements must be collected and stored securely, e.g., in a trusted execution environment (TEE) on the platform where 𝒫 executes; otherwise the measurement is not an accurate record of 𝒫's execution. These requirements are satisfied relatively easily when 𝒫 executes atop bare hardware, as most prior CFA approaches have assumed.
This paper considers non-bare-metal settings in which 𝒫 executes as a user-level process atop an OS on the remote computing platform. Prior approaches to CFA are insecure in the presence of OS-level adversaries. We describe the design and implementation of a system called Sulfur that securely enables CFA of user-space applications in non-bare-metal settings. Sulfur accomplishes this goal via a co-developed OS called SulfurOS. SulfurOS makes novel use of security extensions available in commodity AArch64 hardware, namely privileged-access never (PAN) and privileged-execute never (PXN). We experimentally show that Sulfur enables secure CFA with low runtime overheads in non-bare-metal settings.
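To make the CFA round trip described in the abstract concrete, the following is an added illustrative example; it is not code from the paper or from Sulfur. It assumes a toy program 𝒫 with a handful of basic blocks, a measurement built as a SHA-256 hash chain over the control-flow edges 𝒫 takes on input ℐ (the common CFA construction), an HMAC under a pre-shared key standing in for the attestation key of the trusted measurement component, and a verifier 𝒱 that knows 𝒫 and replays the expected path for ℐ. Block names, the `ATTEST_KEY` value, and the two simulated failure cases are all constructed for the example.

```python
import hashlib
import hmac

# Constructed example: the key stands in for the attestation key held by the
# trusted measurement component on the prover platform and known to V.
ATTEST_KEY = b"example-attestation-key-not-for-production"


def program_trace(x: int):
    """Toy program P. Returns (result, edges): the value it computes on input x
    and the sequence of control-flow edges (src_block, dst_block) it took."""
    edges = []

    def jump(src, dst):
        edges.append((src, dst))

    jump("entry", "check")
    acc, n = 0, x
    while n > 0:
        jump("check", "body")
        if n % 2 == 0:
            jump("body", "even")
            acc += n // 2
            jump("even", "check")
        else:
            jump("body", "odd")
            acc += n
            jump("odd", "check")
        n -= 1
    jump("check", "exit")
    return acc, edges


def measure(edges) -> bytes:
    """CFA measurement as a hash chain over the taken edges:
    h_0 = 0^256, h_i = SHA-256(h_{i-1} || src_i || "->" || dst_i)."""
    h = bytes(32)
    for src, dst in edges:
        h = hashlib.sha256(h + src.encode() + b"->" + dst.encode()).digest()
    return h


def sign(x: int, result: int, m: bytes) -> bytes:
    """Authenticate (input, output, measurement) with the attestation key."""
    msg = x.to_bytes(8, "big", signed=True) + result.to_bytes(8, "big", signed=True) + m
    return hmac.new(ATTEST_KEY, msg, "sha256").digest()


def attest(x: int) -> dict:
    """Prover side: run P on x, measure its path, and let the trusted
    component authenticate the report."""
    result, edges = program_trace(x)
    m = measure(edges)
    return {"input": x, "output": result, "measurement": m, "tag": sign(x, result, m)}


def verify(report: dict) -> bool:
    """Verifier side: V knows P, so it replays the expected path for the
    reported input and checks authenticity, output and path."""
    x, result, m, tag = (report["input"], report["output"],
                         report["measurement"], report["tag"])
    if not hmac.compare_digest(tag, sign(x, result, m)):
        return False                      # report altered after measurement
    expected_result, expected_edges = program_trace(x)
    return expected_result == result and hmac.compare_digest(m, measure(expected_edges))


def deviated_report(x: int) -> dict:
    """Simulated control-flow deviation: every even-branch edge is redirected
    to the odd block while the reported output is left unchanged, and the
    trusted component faithfully measures the path actually taken."""
    result, edges = program_trace(x)
    redirect = {("body", "even"): ("body", "odd"), ("even", "check"): ("odd", "check")}
    edges = [redirect.get(e, e) for e in edges]
    m = measure(edges)
    return {"input": x, "output": result, "measurement": m, "tag": sign(x, result, m)}


def tamper_measurement(report: dict) -> dict:
    """Simulated post-hoc tampering: flip one bit of the measurement in an
    otherwise authentic report."""
    m = report["measurement"]
    return {**report, "measurement": m[:-1] + bytes([m[-1] ^ 1])}


if __name__ == "__main__":
    print(verify(attest(5)))                       # True
    print(verify(deviated_report(6)))              # False: path differs
    print(verify(tamper_measurement(attest(3))))   # False: tag mismatch
```

The second case is the one that distinguishes CFA from plain output checking: the reported output is correct, yet 𝒱 rejects because the hash chain does not match the path 𝒫 should have taken on that input. The example also shows why the abstract insists on where the measurement is produced: `measure` and `sign` are only meaningful if the component running them cannot be influenced by the code being measured, which is exactly the property an OS-level adversary breaks when the measurement is collected in an unprotected user-space or kernel context.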