Trusted Execution Environments (TEEs) allow the secure execution of code on remote systems without the need to trust their operators. They use static attestation as a central mechanism for establishing trust, allowing remote parties to verify that their code is executed unmodified in an isolated environment. However, this form of attestation does not cover runtime attacks, where an attacker exploits vulnerabilities in the software inside the TEE. Control Flow Attestation (CFA), a form of runtime attestation, is designed to detect such attacks. In this work, we present a method to extend TEEs with CFA and discuss how it can prevent exploitation in the event of detected control flow violations. Furthermore, we introduce HPCCFA, a mechanism that uses HPCs for CFA purposes, enabling hardware-backed trace generation on commodity CPUs. We demonstrate the feasibility of HPCCFA on a proof-of-concept implementation for Keystone on RISC-V. Our evaluation investigates the interplay of the number of measurement points and runtime protection, and reveals a trade-off between detection reliability and performance overhead.

翻译：可信执行环境（TEE）允许在远程系统上安全执行代码，无需信任其操作者。它们将静态认证作为建立信任的核心机制，使远程方能够验证其代码在隔离环境中未经修改地执行。然而，这种认证形式不涵盖运行时攻击——即攻击者利用TEE内部软件漏洞进行的攻击。控制流认证（CFA）作为一种运行时认证形式，旨在检测此类攻击。本文提出一种将CFA扩展至TEE的方法，并讨论在检测到控制流违规时如何防止漏洞利用。此外，我们引入HPCCFA机制，利用硬件性能计数器（HPC）实现基于硬件的迹生成，从而在商用CPU上运行。我们通过在RISC-V架构的Keystone平台上实施概念验证，证明了HPCCFA的可行性。评估揭示了测量点数量与运行时保护之间的相互作用，并展示了检测可靠性与性能开销之间的权衡。