LO-FAT: Low-Overhead Control Flow ATtestation in Hardware
This addresses security vulnerabilities in embedded systems for applications requiring low-overhead trust establishment, though it is incremental as it builds on existing hardware features.
The paper tackles the problem of detecting control-flow attacks in embedded systems by introducing LO-FAT, a hardware-based approach that avoids software instrumentation, resulting in no processor stalls and reasonable area overhead in a RISC-V SoC implementation.
Attacks targeting software on embedded systems are becoming increasingly prevalent. Remote attestation is a mechanism that allows establishing trust in embedded devices. However, existing attestation schemes are either static and cannot detect control-flow attacks, or require instrumentation of software incurring high performance overheads. To overcome these limitations, we present LO-FAT, the first practical hardware-based approach to control-flow attestation. By leveraging existing processor hardware features and commonly-used IP blocks, our approach enables efficient control-flow attestation without requiring software instrumentation. We show that our proof-of-concept implementation based on a RISC-V SoC incurs no processor stalls and requires reasonable area overhead.