Proceedings of the 30th ACM Conference on Computer and Communications Security (CCS 2023); pages 2680-2694; Cophenhagen, Denmark, November 26-30, 2023.
Path attestation is an approach to remotely attest the execution of a program 𝒫. In path attestation, a prover platform, which executes 𝒫, convinces a remote verifier 𝒱 of the integrity of 𝒫 by recording the path that 𝒫 takes as it executes a particular input. While a number of prior techniques have been developed for path attestation, they have generally been applied to record paths only for parts of the execution of 𝒫. In this paper, we consider the problem of whole program control-flow path attestation, i.e., to attest the execution of the entire program path in 𝒫. We show that prior approaches for path attestation use sub-optimal techniques that fundamentally fail to scale to whole program paths, and impose a large runtime overhead on the execution of 𝒫. We then develop Blast, an approach that reduces these overheads using a number of novel approaches inspired by prior work from the program profiling literature. Our experiments show that Blast makes path attestation more practical for use on a wide variety of embedded programs.
Paper:
[
PDF
]
(© ACM)
Slides:
[
PDF
]
DOI:
[
10.1145/3576915.3616687
]