Low-end embedded devices are increasingly used in various smart applications and spaces. They are implemented under strict cost and energy budgets, using microcontroller units (MCUs) that lack security features available in general-purpose processors. In this context, Remote Attestation (RA) was proposed as an inexpensive security service to enable a verifier (Vrf) to remotely detect illegal modifications to a software binary installed on a low-end prover MCU (Prv). Since attacks that hijack the software's control flow can evade RA, Control Flow Attestation (CFA) augments RA with information about the exact order in which instructions in the binary are executed, enabling detection of control flow attacks. We observe that current CFA architectures can not guarantee that Vrf ever receives control flow reports in case of attacks. In turn, while they support exploit detection, they provide no means to pinpoint the exploit origin. Furthermore, existing CFA requires either binary instrumentation, incurring significant runtime overhead and code size increase, or relatively expensive hardware support, such as hash engines. In addition, current techniques are neither continuous (only meant to attest self-contained operations) nor active (offer no secure means to remotely remediate detected compromises). To jointly address these challenges, we propose ACFA: a hybrid (hardware/software) architecture for Active CFA. ACFA enables continuous monitoring of all control flow transfers in the MCU and does not require binary instrumentation. It also leverages the recently proposed concept of Active Roots-of-Trust to enable secure auditing of vulnerability sources and guaranteed remediation when a compromise is detected. We provide an open-source reference implementation of ACFA on top of a commodity low-end MCU (TI MSP430) and evaluate it to demonstrate its security and cost-effectiveness.

翻译：低端嵌入式设备日益广泛地应用于各类智能应用及空间。这些设备在严格的成本与能耗预算下实现，采用缺乏通用处理器安全特性的微控制器单元（MCU）。在此背景下，远程认证（RA）被提出作为一种低成本安全服务，使验证者（Vrf）能够远程检测安装在低端证明者MCU（Prv）上的软件二进制文件是否遭到非法篡改。由于劫持软件控制流的攻击可规避RA，控制流认证（CFA）通过添加关于二进制指令执行精确顺序的信息来增强RA，从而实现对控制流攻击的检测。我们发现，当前的CFA架构无法保证在攻击发生时Vrf能收到控制流报告。此外，虽然它们支持漏洞检测，但无法精准定位漏洞来源。同时，现有CFA需要二进制插桩，导致显著运行时开销和代码体积增长，或需要相对昂贵的硬件支持（如哈希引擎）。此外，现有技术既不具备连续性（仅用于证明自包含操作），也不具备主动性（无法提供安全手段远程修复已检测到的入侵）。为联合解决这些挑战，我们提出ACFA：一种面向主动CFA的混合（硬件/软件）架构。ACFA能够持续监控MCU中所有控制流转移，且无需二进制插桩。它还利用近期提出的主动信任根概念，实现漏洞来源的安全审计，并在检测到入侵时保证修复。我们在商用低端MCU（TI MSP430）上提供ACFA的开源参考实现，并通过评估验证其安全性与成本效益。