Abstract:Control Flow Attestation (CFA) offers a means to detect control flow hijacking attacks on remote devices, enabling verification of their runtime trustworthiness. CFA generates a trace (CFLog) containing the destination of all branching instructions executed. This allows a remote Verifier (Vrf) to inspect the execution control flow on a potentially compromised Prover (Prv) before trusting that a value/action was correctly produced/performed by Prv. However, while CFA can be used to detect runtime compromises, it cannot guarantee the eventual delivery of the execution evidence (CFLog) to Vrf. In turn, a compromised Prv may refuse to send CFLog to Vrf, preventing its analysis to determine the exploit's root cause and appropriate remediation actions. In this work, we propose TRACES: TEE-based Runtime Auditing for Commodity Embedded Systems. TRACES guarantees reliable delivery of periodic runtime reports even when Prv is compromised. This enables secure runtime auditing in addition to best-effort delivery of evidence in CFA. TRACES also supports a guaranteed remediation phase, triggered upon compromise detection to ensure that identified runtime vulnerabilities can be reliably patched. To the best of our knowledge, TRACES is the first system to provide this functionality on commodity devices (i.e., without requiring custom hardware modifications). To that end, TRACES leverages support from the ARM TrustZone-M Trusted Execution Environment (TEE). To assess practicality, we implement and evaluate a fully functional (open-source) prototype of TRACES atop the commodity ARM Cortex-M33 micro-controller unit.

What problem does this paper attempt to address?

The problem that this paper attempts to solve is: Although the existing Control - Flow Authentication (CFA) techniques can detect control - flow hijacking attacks at runtime, they cannot ensure that the Execution Evidence (CFLog) is finally sent to the remote verifier (Vrf). Once the prover (Prv) is compromised, it may refuse to send CFLog, thus preventing the analysis of the root cause of the attack and appropriate remedial measures. To solve this problem, the paper proposes the TRACES system. TRACES aims to ensure that periodic runtime reports can be reliably delivered to Vrf even when Prv is compromised. In addition, TRACES also supports a guaranteed remediation phase triggered after the detection of a compromise to ensure that the identified runtime vulnerabilities can be reliably patched. TRACES is the first system to achieve this function on ordinary commercial embedded systems without custom hardware modifications. ### Main Contributions 1. **TRACES Design**: TRACES is the first design to achieve secure runtime auditing on off - the - shelf commercial Microcontroller Units (MCU). TRACES utilizes the ARM TrustZone - M Trusted Execution Environment (TEE), combined with the CFA engine and supervisor to record control - flow transfers and force the reliable delivery of CFLog to Vrf. In addition, TRACES supports remediation measures configured by Vrf. 2. **Prototype Implementation and Evaluation**: The authors implemented a fully - functional open - source prototype of TRACES on the ARM Cortex - M33 MCU and evaluated it. The evaluation includes security analysis for multiple embedded programs, performance evaluation, and empirical evaluation under example attacks. ### Key Points of the Solution - **Reliable CFLog Transmission**: By using TEE and timed interrupts, TRACES ensures that CFLog can be regularly transmitted to Vrf even when Prv is compromised. - **Remediation Mechanism**: When a compromise is detected, TRACES can trigger remediation measures, such as clearing all data memory, shutting down Prv, or updating its software. - **No Custom Hardware Required**: TRACES can be deployed on existing commercial MCUs without additional hardware modifications. ### Summary TRACES solves the problem of unreliable CFLog transmission in existing CFA techniques and provides a new method for achieving secure runtime auditing and remediation on commercial embedded systems.

TRACES: TEE-based Runtime Auditing for Commodity Embedded Systems

ACFA: Secure Runtime Auditing & Guaranteed Device Healing via Active Control Flow Attestation

Dtee: A Declarative Approach to Secure IoT Applications Using TrustZone

TEE-PA: TEE Is a Cornerstone for Remote Provenance Auditing on Edge Devices With Semi-TCB

Runtime Verification for Trustworthy Computing

SpecCFA: Enhancing Control Flow Attestation/Auditing via Application-Aware Sub-Path Speculation

ISC-FLAT: On the Conflict Between Control Flow Attestation and Real-Time Operations

Armor: Protecting Software Against Hardware Tracing Techniques

A Trustenclave-Based Architecture for Ensuring Run-Time Security in Embedded Terminals

Scanclave: Verifying Application Runtime Integrity in Untrusted Environments

Towards Runtime Customizable Trusted Execution Environment on FPGA-SoC

CTR: Checkpoint, Transfer, and Restore for Secure Enclaves

HART: Hardware-Assisted Kernel Module Tracing on Arm

One for All and All for One: GNN-based Control-Flow Attestation for Embedded Devices

DeTRAP: RISC-V Return Address Protection With Debug Triggers

Remote Credential Management with Mutual Attestation for Trusted Execution Environments

CFI CaRE: Hardware-supported Call and Return Enforcement for Commercial Microcontrollers

Tiny-CFA: A Minimalistic Approach for Control-Flow Attestation Using Verified Proofs of Execution

Composite Enclaves: Towards Disaggregated Trusted Execution

Control-Flow Integrity for Real-Time Embedded Systems

Towards Secure Runtime Customizable Trusted Execution Environment on FPGA-SoC