TRACES: TEE-based Runtime Auditing for Commodity Embedded Systems
Adam Caulfield, Antonio Joia Neto, Norrathep Rattanavipanon, Ivan De Oliveira Nunes
TL;DR
TRACES tackles the shortage of guarantees in Control Flow Attestation by providing reliable delivery of runtime CF_{Log} and a remediation path for compromised Provers, using a TrustZone-M based TEE on commodity MCUs. It introduces a three-module Secure World architecture (CFA Engine, CFV Resolver, Supervisor) along with a formal protocol that logs control-flow events, proves integrity via a fresh challenge, and enforces remediation when needed. The approach is validated through a fully functional open-source prototype on an ARM Cortex-M33, with security analysis and end-to-end evaluation showing predictable overheads and effective attack detection. The practical impact is enabling auditable, remediable runtime assurance for low-cost embedded devices without requiring hardware fabrication or custom MCU modifications. The work therefore advances secure remote auditing and automated healing for real-world, resource-constrained systems.
Abstract
Control Flow Attestation (CFA) offers a means to detect control flow hijacking attacks on remote devices, enabling verification of their runtime trustworthiness. CFA generates a trace (CFLog) containing the destination of all branching instructions executed. This allows a remote Verifier (Vrf) to inspect the execution control flow on a potentially compromised Prover (Prv) before trusting that a value/action was correctly produced/performed by Prv. However, while CFA can be used to detect runtime compromises, it cannot guarantee the eventual delivery of the execution evidence (CFLog) to Vrf. In turn, a compromised Prv may refuse to send CFLog to Vrf, preventing its analysis to determine the exploit's root cause and appropriate remediation actions. In this work, we propose TRACES: TEE-based Runtime Auditing for Commodity Embedded Systems. TRACES guarantees reliable delivery of periodic runtime reports even when Prv is compromised. This enables secure runtime auditing in addition to best-effort delivery of evidence in CFA. TRACES also supports a guaranteed remediation phase, triggered upon compromise detection to ensure that identified runtime vulnerabilities can be reliably patched. To the best of our knowledge, TRACES is the first system to provide this functionality on commodity devices (i.e., without requiring custom hardware modifications). To that end, TRACES leverages support from the ARM TrustZone-M Trusted Execution Environment (TEE). To assess practicality, we implement and evaluate a fully functional (open-source) prototype of TRACES atop the commodity ARM Cortex-M33 micro-controller unit.