Control Flow Attestation (CFA) offers a means to detect control flow hijacking attacks on remote devices, enabling verification of their runtime trustworthiness. CFA generates a trace (CFLog) containing the destination of all branching instructions executed. This allows a remote Verifier (Vrf) to inspect the execution control flow on a potentially compromised Prover (Prv) before trusting that a value/action was correctly produced/performed by Prv. However, while CFA can be used to detect runtime compromises, it cannot guarantee the eventual delivery of the execution evidence (CFLog) to Vrf. In turn, a compromised Prv may refuse to send CFLog to Vrf, preventing its analysis to determine the exploit's root cause and appropriate remediation actions. In this work, we propose TRACES: TEE-based Runtime Auditing for Commodity Embedded Systems. TRACES guarantees reliable delivery of periodic runtime reports even when Prv is compromised. This enables secure runtime auditing in addition to best-effort delivery of evidence in CFA. TRACES also supports a guaranteed remediation phase, triggered upon compromise detection to ensure that identified runtime vulnerabilities can be reliably patched. To the best of our knowledge, TRACES is the first system to provide this functionality on commodity devices (i.e., without requiring custom hardware modifications). To that end, TRACES leverages support from the ARM TrustZone-M Trusted Execution Environment (TEE). To assess practicality, we implement and evaluate a fully functional (open-source) prototype of TRACES atop the commodity ARM Cortex-M33 micro-controller unit.
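To make the Verifier's role concrete, here is a minimal sketch of how Vrf could replay a CFLog of branch destinations against a known control flow graph. It is an added example, not code from TRACES or its prototype: the CFG, the addresses, the log layout and the name `verify_cflog` are all assumptions, since the abstract does not specify the CFLog format.

```python
# Constructed toy CFG (assumption): block address -> (branch kind,
# allowed destinations, return site pushed on a call).
CFG = {
    0x100: ("call", {0x200}, 0x104),         # main: call process()
    0x104: ("jump", {0x100, 0x108}, None),   # loop again or exit
    0x108: ("halt", set(), None),            # end of attested operation
    0x200: ("jump", {0x210, 0x220}, None),   # process(): if/else
    0x210: ("ret", set(), None),
    0x220: ("ret", set(), None),
    0x300: ("ret", set(), None),             # routine never called by main
}


def verify_cflog(cfg, entry, cflog):
    """Replay a list of branch destinations starting at `entry`.

    Returns (True, None) if every destination is permitted by the CFG and
    every return lands on the site recorded by its matching call, else
    (False, (index, reason)) for the first offending CFLog entry.
    """
    current, shadow_stack = entry, []
    for i, dest in enumerate(cflog):
        if current not in cfg:
            return False, (i, "unknown block")
        kind, targets, ret_site = cfg[current]
        if kind == "halt":
            return False, (i, "branch after halt")
        if kind == "ret":
            # A return is valid only if it goes back to the caller.
            if not shadow_stack or shadow_stack.pop() != dest:
                return False, (i, "return address mismatch")
        else:
            if dest not in targets:
                return False, (i, "illegal target")
            if kind == "call":
                shadow_stack.append(ret_site)
        current = dest
    return True, None


# Constructed sample logs.
BENIGN = [0x200, 0x210, 0x104, 0x108]
HIJACKED_RETURN = [0x200, 0x220, 0x300]   # return diverted to 0x300

if __name__ == "__main__":
    print(verify_cflog(CFG, 0x100, BENIGN))
    print(verify_cflog(CFG, 0x100, HIJACKED_RETURN))
```

A check like this only helps if the log actually reaches Vrf, which is the delivery gap the abstract says TRACES closes.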