Abstract
Since the widespread adoption of edge computing and IoT technology, Control-Flow Hijacking (CFH) attacks targeting programs in resource-constrained embedded devices have become prevalent. While the Coarse-Grained Control-Flow integrity Attestation (CGCFA) lacks accuracy for the CFH attacks detection, the Fine-Grained Control-Flow integrity Attestation (FGCFA) detect the attacks more accurately but with high overheads, which can be a big burden (e.g., to industrial control system with strict performance requirements). In this paper, we propose a NSGA-II (Nondominated Sorting Genetic Algorithm-II) based Granularity-Adaptive Control-Flow Attestation (GACFA) for the programs in embedded devices. Specifically, we propose a Granularity-Adaptive Control-Flow representation model to reduce the complexity of programs’ control-flow graph and propose NSGA-II-based granularity-adaptive strategy generation algorithm to balance the security and performance requirements. Besides, runtime protection for the GACFA at the program end with SGX is proposed to protect the integrity and confidentiality of control-flow measurement data. The experiments show that our work can find out the best-so-far control-flow granularity with stability and provide secure program attestation for the verifier. In addition, the security/performance benefit of adopting our proposal over CGCFA is 13.7, 25.1, and 43.0 times that of adopting FGCFA over ours in different threat scenarios.
Highlights
With the rapid development of edge computing and IoT technology, more and more embedded devices are connected together and reach people’s daily works and lives, which brings us both convenience and security concerns
In order to balance the security and efficiency of Control-Flow Hijacking (CFH) attacks detection in a resource-constrained embedded environment, this paper proposes NSGA-II (Nondominated Sorting Genetic Algorithm-II) based Granularity-Adaptive Control-Flow Attestation (GACFA), which take functions and basic blocks as different control-flow monitoring granularities
Our time cost is increased by 31.79% compared with the Coarse-Grained Control-Flow integrity Attestation (CGCFA), which cannot detect any basic block-level CFH attacks, our time cost is reduced by 56.99% compared with Fine-Grained Control-Flow integrity Attestation (FGCFA). is is because the necessary time of control-flow collection and measurement is greatly reduced compared to the FGCFA
Summary
With the rapid development of edge computing and IoT technology, more and more embedded devices are connected together and reach people’s daily works and lives, which brings us both convenience and security concerns. The fine-grained control-flow integrity measurement and attestation [6, 7] are proposed to verify runtime program control flow more accurately, since it obtains more context information in the granularity of basic block, but with increased overheads, which is not efficient for providing realtime and reliable services in mission critical systems, for example, industrial control system. In order to balance the security and efficiency of CFH attacks detection in a resource-constrained embedded environment, this paper proposes NSGA-II (Nondominated Sorting Genetic Algorithm-II) based Granularity-Adaptive Control-Flow Attestation (GACFA), which take functions and basic blocks as different control-flow monitoring granularities. Rough genetic algorithm NSGA-II, basic block-level finegrained control-flow monitoring is performed on core functions that have a greater impact on program security, and function-level control-flow monitoring is performed on a noncore function In this way, the verifier can verify in runtime whether the program has suffered CFH attacks with balanced security and overhead costs. (4) We implement a proof of concept system of GACFA. e experiments show that our work can find the best-so-far control-flow granularity with stability and provide secure program attestation for the verifier. e security/performance benefit of adopting our proposal over CGCFA is 13.7, 25.1, and 43.0 times that of adopting FGCFA over ours in different threat scenarios
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.