ZEKRA: Zero-Knowledge Control-Flow Attestation

Debes, Heini Bergsson; Dushku, Edlira; Giannetsos, Thanassis; Marandi, Ali

doi:10.1145/3579856.3582833

Cited by 2 publications

(1 citation statement)

References 41 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In general, while CFA provides strong security guarantees and verifiable evidence on the correctness of a device's configuration and execution, enforcing control-flow integrity in a practical way is challenging due to the inefficiency of existing tracing solutions. Despite sustained interest in CFA, current approaches try to overcome these limitations by either targeting (custom) optimized generation of CFGs (LO-FAT [5], LiteHAX [6], SCAPI [7] and BLINDTRUST [8]) or leveraging hardware features ( [9], CFIMon [10], µCFI [11], PITTYPAT [12], PT-CFI [13] and C-ITS [14]). That is, current mechanisms require the physical devices to be equipped with specialised hardware components to enable tracing.…”

Section: Introductionmentioning

confidence: 99%

Towards Efficient Control-Flow Attestation with Software-Assisted Multi-level Execution Tracing

Papamartzivanos

Menesidou

Gouvas

et al. 2021

2021 IEEE International Mediterranean Conference on Communications and Networking (MeditCom)

View full text Add to dashboard Cite

In the face of an increasing attack landscape, it is necessary to cater for efficient mechanisms to verify software and device integrity for detecting run-time modifications in nextgeneration systems-of-systems. In this context, remote attestation is a promising defense mechanism that allows a third party, the verifier, to ensure a remote device's configuration integrity and behavioural execution correctness. However, most of the existing families of attestation solutions suffer from the lack of softwarebased mechanisms for the efficient extraction of rigid control-flow information. This limits their applicability to only those cyberphysical systems equipped with additional hardware support. This paper proposes a multi-level execution tracing framework capitalizing on recent software features, namely the extended Berkeley Packet Filter and Intel Processor Trace technologies, that can efficiently capture the entire platform configuration and control-flow stacks, thus, enabling wide attestation coverage capabilities that can be applied on both resource-constrained devices and cloud services. Our goal is to enhance run-time software integrity and trustworthiness with a scalable tracing solution eliminating the need for federated infrastructure trust.

show abstract