🤖 AI Summary
This work addresses control-flow bending (CFB) attacks in remote attestation, which evade traditional detection by tampering with runtime data. The authors propose KS-CFA, a novel scheme implemented within the RISC-V Keystone trusted execution environment (TEE), that integrates symbolic execution with identification of input-source-dependent control-flow variables to log execution traces and external inputs. The verifier can then perform single-path symbolic replay to predict branch outcomes and precisely pinpoint deviations indicative of attacks. Without requiring path enumeration or hardware modifications, KS-CFA comprehensively covers four critical control-transfer types—indirect calls, conditional jumps, indirect jumps, and returns—significantly enhancing generality and efficiency. Experimental evaluation demonstrates execution overheads of 6.7–32.2× on both QEMU and FPGA platforms, while maintaining high verification accuracy and performance.
📝 Abstract
Control-flow attestation (CFA) enables a remote entity to verify program execution on a target device by monitoring control-flow behaviour at runtime. However, control-flow bending (CFB) attacks remain difficult to detect, where an adversary steers execution along legal edges of the program's control-flow graph by corrupting branch flags, loop counters, and other runtime data. Existing solutions impose significant drawbacks: they require enumerating vast measurement spaces, cover only a reduced subset of attacks, or rely on low-level hardware modifications. In this work, we present KS-CFA, a new CFA scheme that detects CFB attacks across four transfer types (indirect calls, conditional and indirect jumps, and returns) without those costs. To this end, we combine symbolic execution and selective identification of input-sourced control-flow dependent variables: a strict subset of control-flow-relevant state whose values are directly read from external input. The proving device records, inside a trusted execution environment (TEE), a control-flow trace and the external inputs that determine relevant run-time variables. The verifier then replays the reported path through single-path symbolic execution, predicting each transfer and localising divergences that signal an attack. We implement and evaluate KS-CFA using the RISC-V Keystone TEE and Embench-IoT on QEMU and a Rocket-based FPGA platform (NiteFury II). Prover-side overhead relative to unattested execution ranges from 6.8-20.5x on QEMU and 6.7-32.2x on the FPGA, and verification requires no path or value enumeration.