Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

LightFAt: Mitigating Control-flow Explosion via Lightweight PMU-based Control-flow Attestation

Jeferson Gonzalez-Gomez, Hassan Nassar, Lars Bauer, Jorg Henkel

TL;DR

LightFAt tackles the overhead of dynamic control-flow attestation by replacing exhaustive cryptographic hashing with processor PMU signals (IPC and L1 cache accesses) coupled with an unsupervised LOF-based detector. By focusing on normal execution patterns and using trigger-point instrumentation, it achieves over 95% detection accuracy with minimal prover overhead (~1.26%) and fast verifier-side inference. The approach demonstrates practical CFA for OS-based devices without extra hardware, capable of mitigating control-flow exploits in realistic IoT-like applications. This work offers a viable path toward scalable, low-overhead remote attestation with strong resilience to CFA-based attacks.

Abstract

With the continuous evolution of computational devices, more and more applications are being executed remotely. The applications operate on a wide spectrum of devices, ranging from IoT nodes with low computational capabilities to large cloud providers with high capabilities. Remote execution often deals with sensitive data or executes proprietary software. Hence, the challenge of ensuring that the code execution will not be compromised rises. Remote Attestation deals with this challenge. It ensures the code is executed in a non-compromised environment by calculating a potentially large sequence of cryptographic hash values. Each hash calculation is computationally intensive and over a large sequence the overhead becomes extremely high. In this work, we propose LightFAt: a Lightweight Control Flow Attestation scheme. Instead of relying on the expensive cryptographic hash calculation, LightFAt leverages the readings from the processor's Performance Monitor Unit (PMU) in conjunction with a lightweight unsupervised machine learning (ML) classifier to detect whether a target application's control flow is compromised, hence improving the system's security. On the verifier's side, LightFAt reaches a detection accuracy of over 95%, with low false-negative and false-positive rates.

LightFAt: Mitigating Control-flow Explosion via Lightweight PMU-based Control-flow Attestation

TL;DR

LightFAt tackles the overhead of dynamic control-flow attestation by replacing exhaustive cryptographic hashing with processor PMU signals (IPC and L1 cache accesses) coupled with an unsupervised LOF-based detector. By focusing on normal execution patterns and using trigger-point instrumentation, it achieves over 95% detection accuracy with minimal prover overhead (~1.26%) and fast verifier-side inference. The approach demonstrates practical CFA for OS-based devices without extra hardware, capable of mitigating control-flow exploits in realistic IoT-like applications. This work offers a viable path toward scalable, low-overhead remote attestation with strong resilience to CFA-based attacks.

Abstract

With the continuous evolution of computational devices, more and more applications are being executed remotely. The applications operate on a wide spectrum of devices, ranging from IoT nodes with low computational capabilities to large cloud providers with high capabilities. Remote execution often deals with sensitive data or executes proprietary software. Hence, the challenge of ensuring that the code execution will not be compromised rises. Remote Attestation deals with this challenge. It ensures the code is executed in a non-compromised environment by calculating a potentially large sequence of cryptographic hash values. Each hash calculation is computationally intensive and over a large sequence the overhead becomes extremely high. In this work, we propose LightFAt: a Lightweight Control Flow Attestation scheme. Instead of relying on the expensive cryptographic hash calculation, LightFAt leverages the readings from the processor's Performance Monitor Unit (PMU) in conjunction with a lightweight unsupervised machine learning (ML) classifier to detect whether a target application's control flow is compromised, hence improving the system's security. On the verifier's side, LightFAt reaches a detection accuracy of over 95%, with low false-negative and false-positive rates.
Paper Structure (16 sections, 4 figures, 2 tables)

This paper contains 16 sections, 4 figures, 2 tables.

Table of Contents

  1. Introduction
  2. Background
  3. Remote Attestation
  4. Control Flow Explosion
  5. Performance Monitor Unit (PMU)
  6. Machine Learning and Remote Attestation
  7. Our Lightweight Control-flow Attestation
  8. Target System, Threat Model, and Assumptions
  9. LightFAt Attestation Flow
  10. ML-based Remote Attestation
  11. Evaluation
  12. Custom Vulnerable Application
  13. Experimental Setup and Data Collection
  14. ML Model Evaluation
  15. Security and performance trade-off
  16. ...and 1 more sections

Figures (4)

  • Figure 1: Example for a Control Flow Graph. With the several jumps and loops keeping track of each possible path becomes impractical.
  • Figure 2: Overview of the LightFAt attestation flow including the prover and the remote verifier entities
  • Figure 3: Overview of the ML-based verifier in LightFAt
  • Figure 4: Overview of the control-flow attack paths on a vulnerable custom application