At the edge of modern cyber-physical systems, Micro-Controller Units (MCUs) are responsible for safety-critical sensing/actuation. However, MCU cost constraints rule out the usual security mechanisms of general-purpose computers. Thus, various low-cost security architectures have been proposed to remotely verify MCU software integrity. Control Flow Attestation (CFA) enables a Verifier (Vrf) to remotely assess the run-time behavior of a prover MCU (Prv), generating an authenticated trace of all of Prv control flow transfers (CFLog). Further, Control Flow Auditing architectures augment CFA by guaranteeing the delivery of evidence to Vrf. Unfortunately, a limitation of existing CFA lies in the cost to store and transmit CFLog, as even simple MCU software may generate large traces. Given these issues, prior work has proposed static (context-insensitive) optimizations. However, they do not support configurable program-specific optimizations. In this work, we note that programs may produce unique predictable control flow sub-paths and argue that program-specific predictability can be leveraged to dynamically optimize CFA while retaining all security guarantees. Therefore, we propose SpecCFA: an approach for dynamic sub-path speculation in CFA. SpecCFA allows Vrf to securely speculate on likely control flow sub-paths for each attested program. At run-time, when a sub-path in CFLog matches a pre-defined speculation, the entire sub-path is replaced by a reserved symbol. SpecCFA can speculate on multiple variable-length control flow sub-paths simultaneously. We implement SpecCFA atop two open-source control flow auditing architectures: one based on a custom hardware design and one based on a commodity Trusted Execution Environment (ARM TrustZone-M). In both cases, SpecCFA significantly lowers storage/performance costs that are critical to resource-constrained MCUs.

翻译：在现代信息物理系统的边缘，微控制器单元（MCU）负责安全关键的传感/驱动任务。然而，MCU的成本限制排除了通用计算机常用的安全机制。因此，学界提出了多种低成本安全架构以实现对MCU软件完整性的远程验证。控制流证明（CFA）使验证方（Vrf）能够远程评估证明方MCU（Prv）的运行时行为，生成所有Prv控制流转移的认证轨迹（CFLog）。此外，控制流审计架构通过保证证据交付至Vrf来增强CFA。遗憾的是，现有CFA的局限在于存储和传输CFLog的成本较高，因为即使简单的MCU软件也可能生成庞大的轨迹。针对这些问题，先前研究提出了静态（上下文不敏感）优化方案，但无法支持可配置的程序特定优化。本工作中，我们注意到程序可能产生独特的可预测控制流子路径，并论证可利用程序特定的可预测性在保持所有安全保证的前提下动态优化CFA。为此，我们提出SpecCFA：一种在CFA中实现动态子路径推测的方法。SpecCFA允许Vrf为每个被证明程序安全地推测可能的控制流子路径。在运行时，当CFLog中的子路径与预定义的推测匹配时，整个子路径将被替换为预留符号。SpecCFA可同时推测多个可变长度的控制流子路径。我们在两种开源控制流审计架构上实现了SpecCFA：一种基于定制硬件设计，另一种基于商用可信执行环境（ARM TrustZone-M）。两种场景下，SpecCFA均显著降低了对于资源受限MCU至关重要的存储/性能开销。