NSGA-II-Based Granularity-Adaptive Control-Flow Attestation

Abstract: Since the widespread adoption of edge computing and IoT technology, Control-Flow Hijacking (CFH) attacks targeting programs in resource-constrained embedded devices have become prevalent. While the Coarse-Grained Control-Flow integrity Attestation (CGCFA) lacks accuracy for the CFH attacks detection, the Fine-Grained Control-Flow integrity Attestation (FGCFA) detect the attacks more accurately but with high overheads, which can be a big burden (e.g., to industrial control system with strict performance require… Show more

“…e experimental results of the runtime overhead are shown in Table 5. We compare the MGC-FA [7] and GACFA [8] with our BDFCFA scheme. e experimental data on the runtime overhead of MGC-FA come from the literature [7].…”

“…e scheme when p = 0 is the same as the control flow checking scheme in the literature [33], and the scheme when p = 1 is the same as the control flow checking scheme in the literature [8]. Runtime overhead is the average value obtained after the experiment is repeated many times.…”

“…is adds overhead as it gets more contextual information at the basic block level. To balance runtime overhead and control flow security, some people have proposed a mutable control flow attestation scheme based on probability prediction [7] and a granularity adaptive control flow attestation scheme based on Non-dominated Sorting Genetic Algorithm-II (NSGA-II) [8]. A log-based control flow attestation scheme [9] has also been proposed to deal with ROP [2] attacks and uses Physical Unclonable Functions (PUF) as a lightweight root of trust for the prover.…”

“…Moreover, the resources of the embedded devices are limited. Although MGC-FA [7] and GACFA [8] reduce runtime overhead to a certain extent, it comes at the cost of reducing control flow security. We use a simplified control flow representation model to effectively reduce the runtime overhead without reducing the security of the control flow, making the whole scheme more suitable for resource-constrained embedded devices.…”

“…It is then subjected to lightweight coarse-grained checks and expensive finegrained checks, respectively, balancing runtime overhead and control flow security. GACFA [8] optimizes the security and performance overhead of the attestation of the control flow of the program using the NSGA-II algorithm and then adaptively performs coarse-and fine-grained checks on the functions in the program according to the optimization results, thus reducing the performance overhead. Liu et al [9] proposed to record the control flow through a program status log, and the verifier can effectively verify whether the target program has been damaged using the information in the log.…”

Blockchain-Assisted Distributed Fog Computing Control Flow Attestation

“…e experimental results of the runtime overhead are shown in Table 5. We compare the MGC-FA [7] and GACFA [8] with our BDFCFA scheme. e experimental data on the runtime overhead of MGC-FA come from the literature [7].…”

“…e scheme when p = 0 is the same as the control flow checking scheme in the literature [33], and the scheme when p = 1 is the same as the control flow checking scheme in the literature [8]. Runtime overhead is the average value obtained after the experiment is repeated many times.…”

“…is adds overhead as it gets more contextual information at the basic block level. To balance runtime overhead and control flow security, some people have proposed a mutable control flow attestation scheme based on probability prediction [7] and a granularity adaptive control flow attestation scheme based on Non-dominated Sorting Genetic Algorithm-II (NSGA-II) [8]. A log-based control flow attestation scheme [9] has also been proposed to deal with ROP [2] attacks and uses Physical Unclonable Functions (PUF) as a lightweight root of trust for the prover.…”

“…Moreover, the resources of the embedded devices are limited. Although MGC-FA [7] and GACFA [8] reduce runtime overhead to a certain extent, it comes at the cost of reducing control flow security. We use a simplified control flow representation model to effectively reduce the runtime overhead without reducing the security of the control flow, making the whole scheme more suitable for resource-constrained embedded devices.…”

“…It is then subjected to lightweight coarse-grained checks and expensive finegrained checks, respectively, balancing runtime overhead and control flow security. GACFA [8] optimizes the security and performance overhead of the attestation of the control flow of the program using the NSGA-II algorithm and then adaptively performs coarse-and fine-grained checks on the functions in the program according to the optimization results, thus reducing the performance overhead. Liu et al [9] proposed to record the control flow through a program status log, and the verifier can effectively verify whether the target program has been damaged using the information in the log.…”

Blockchain-Assisted Distributed Fog Computing Control Flow Attestation

A Convolution Neural Network Based VANET Traffic Control System in a Smart City

Control-flow attestation: Concepts, solutions, and open challenges