Whole-Program and Non-Bare-Metal Control-Flow Attestation

Abstract

Software attestation enables a remote entity to verify that a program executed as intended on an untrusted platform, with applications in domains such as embedded systems, Internet of Things (IoT), and cloud-edge computing. Control-Flow Attestation (CFA) is one such approach that verifies a program’s control-flow integrity by recording the path taken during its execution. In CFA, a prover platform convinces a remote verifier of the integrity of the prover program by recording the path that the program takes as it executes a particular input. While a number of techniques have been developed for CFA, there are two critical issues that have not been addressed. First, prior techniques have generally been applied to record paths only for parts of the prover program’s execution and does not scale to attestation of whole programs. Second, they are designed for bare-metal environments and are therefore not applicable in non-bare-metal environments. CFA measurements must be collected and stored securely, e.g., within a Trusted Execution Environment(TEE) on the platform where the program executes, failing which it will not be an accurate record of the program’s execution. These requirements are satisfied relatively easily when the program executes atop bare-metal hardware, as most prior CFA approaches have assumed. This dissertation develops new tools and techniques to address these two key challenges of the prior CFA techniques. It proposes efficient path measurement strategy and demonstrates that CFA can be applied securely to attest userspace programs running in non-bare-metal environments. Specifically, this dissertation makes the following contributions. First, it considers the problem of whole program control-flow attestation, i.e., to attest the execution of the entire prover program. It shows that prior approaches for CFA use sub-optimal techniques that fundamentally fail to scale to whole program paths, and impose a large runtime overhead on the execution of the prover program. It then develops Blast, an approach that reduces these overheads using a number of novel techniques inspired by prior work from the program profiling literature. Experimental results show that Blast enables whole-program CFA with an average runtime overhead of 67% on a suite of embedded benchmarks, making it practical for a wide range of applications. Second, it considers non-bare-metal control-flow attestation, in which the prover program executes as a user-level process atop an operating system (OS) on the remote computing platform. It shows that prior approaches to CFA are insecure in the presence of OS-level adversaries. It describes the design and implementation of a system called Sulfur that securely enables CFA of user-space applications in non-bare-metal settings. Sulfur accomplishes this goal via a codeveloped OS called SulfurOS. SulfurOS makes novel use of security extensions available in commodity AArch64 hardware—Privileged-Access Never (PAN) and Privileged-Execute Never (PXN). It experimentally shows that Sulfur enables secure CFA with low additional runtime overheads in non-bare-metal environments. Specifically, Sulfur contributes only an additional 1.94% overhead for CFA-based attestation of a program, compared to CFA-based attestation atop a commodity Linux OS. Together, these contributions advance the state-of-the-art in CFA by enabling scalable whole-program attestation and extending its applicability to non-bare-metal environments.