Lucas Davi University of Duisburg-Essen, Germany ICRI-SC Associated Researcher

17 th May 2017, ICRI-SC Retreat, Darmstadt, Germany Can Systems ever be Protected against Run-time Attacks? Lucas Davi University of Duisburg-Essen, Germany ICRI-SC Associated Researcher

Motivation

Motivation App A App B

Motivation App A exploit bugs App B

Motivation App A exploit bugs App B App M inject malicious code

Motivation App A exploit bugs App B App M inject malicious code Large attack surface for remote malware attacks and software exploits on embedded systems [Costin et al., USENIX Security 2014 and Chen et al., NDSS 2016 ]

Classification Control-Flow Attack [AlephOne, Phrack 1996] [Shacham, CCS 2007] Non-Control-Data Attack [Chen et al., USENIX Sec. 2005] [Carlini et al., USENIX Sec. 2015] Adversary Memory write Program flow

Classification Control-Flow Attack [AlephOne, Phrack 1996] [Shacham, CCS 2007] Non-Control-Data Attack [Chen et al., USENIX Sec. 2005] [Carlini et al., USENIX Sec. 2015] A B C D E F Adversary Memory write Program flow

Classification Control-Flow Attack [AlephOne, Phrack 1996] [Shacham, CCS 2007] A B Basic Block ENTRY asm_ins, EXIT Non-Control-Data Attack [Chen et al., USENIX Sec. 2005] [Carlini et al., USENIX Sec. 2015] C D E F Adversary Memory write Program flow

Classification Control-Flow Attack [AlephOne, Phrack 1996] [Shacham, CCS 2007] Basic Block Non-Control-Data Attack [Chen et al., USENIX Sec. 2005] [Carlini et al., USENIX Sec. 2015] A ENTRY asm_ins, EXIT B C D E corrupt code pointer X F inject malicious code Adversary Memory write Program flow

Classification Control-Flow Attack [AlephOne, Phrack 1996] [Shacham, CCS 2007] Basic Block Non-Control-Data Attack [Chen et al., USENIX Sec. 2005] [Carlini et al., USENIX Sec. 2015] A ENTRY asm_ins, EXIT B C D E corrupt code pointer DEP X F inject malicious code Adversary Memory write Program flow

Classification Control-Flow Attack [AlephOne, Phrack 1996] [Shacham, CCS 2007] Basic Block Non-Control-Data Attack [Chen et al., USENIX Sec. 2005] [Carlini et al., USENIX Sec. 2015] A ENTRY asm_ins, EXIT A C D B E corrupt code pointer C D B E DEP X F inject malicious code Adversary F Memory write Program flow

Classification Control-Flow Attack [AlephOne, Phrack 1996] [Shacham, CCS 2007] C D A B E Basic Block switch(opmode) ENTRY case recovery: C asm_ins, case op1: D EXIT case op2: E,F corrupt code pointer Non-Control-Data Attack [Chen et al., USENIX Sec. 2005] [Carlini et al., USENIX Sec. 2015] C D A B E DEP X F inject malicious code Adversary F Memory write Program flow

Main Defense Techniques (Fine-grained) Code Randomization [Cohen 1993 & Larsen et al., SoK IEEE S&P 2014] Control-Flow Integrity (CFI) [Abadi et al., CCS 2005 & TISSEC 2009] 19

Main Defense Techniques (Fine-grained) Code Randomization [Cohen 1993 & Larsen et al., SoK IEEE S&P 2014] Control-Flow Integrity (CFI) [Abadi et al., CCS 2005 & TISSEC 2009] A B C E D F 20

Main Defense Techniques (Fine-grained) Code Randomization [Cohen 1993 & Larsen et al., SoK IEEE S&P 2014] A B C E D F Memory Control-Flow Integrity (CFI) [Abadi et al., CCS 2005 & TISSEC 2009] 21

Main Defense Techniques (Fine-grained) Code Randomization [Cohen 1993 & Larsen et al., SoK IEEE S&P 2014] D A E F B C Memory (randomized) Control-Flow Integrity (CFI) [Abadi et al., CCS 2005 & TISSEC 2009] 22

Our Research on Return-Oriented Programming Attacks Jump-Oriented Programming with Checkoway et al. CCS 2010 Just-in-time Code Reuse with Snow et al. IEEE S&P 2013 Stitching Gadgets Davi et al. USENIX Sec. 2013 COOP with Schuster et al. IEEE S&P 2015 Losing Control with Conti et al. CCS 2015

Our Research on Return-Oriented Programming Attacks Undermines Shadow Stacks Jump-Oriented Programming with Checkoway et al. Just-in-time Code Reuse with Snow et al. Stitching Gadgets Davi et al. COOP with Schuster et al. Losing Control with Conti et al. CCS 2010 IEEE S&P 2013 USENIX Sec. 2013 IEEE S&P 2015 CCS 2015

Our Research on Return-Oriented Programming Attacks Undermines Shadow Stacks Attacks against Microsoft EMET Jump-Oriented Programming with Checkoway et al. Just-in-time Code Reuse with Snow et al. Stitching Gadgets Davi et al. COOP with Schuster et al. Losing Control with Conti et al. CCS 2010 IEEE S&P 2013 USENIX Sec. 2013 IEEE S&P 2015 CCS 2015 Bypasses fine-grained code randomization (incl. ASLR)

Our Research on Return-Oriented Programming Attacks Undermines Shadow Stacks Attacks against Microsoft EMET Bypasses Google s Forward-Edge CFI Jump-Oriented Programming with Checkoway et al. Just-in-time Code Reuse with Snow et al. Stitching Gadgets Davi et al. COOP with Schuster et al. Losing Control with Conti et al. CCS 2010 IEEE S&P 2013 USENIX Sec. 2013 IEEE S&P 2015 CCS 2015 Bypasses fine-grained code randomization (incl. ASLR) Limitations of Binary-CFI

HAFIX: Hardware Flow Integrity Extensions [O. Arias, L. Davi, M. Hanreich, Y. Jin, P. Koeberl, D. Paul, A.-R. Sadeghi, D. Sullivan, DAC 2015, Best Paper]

State 0 Normal Execution Big Picture

Big Picture State 0 Normal Execution Function Call Indirect Jump Function Return

Big Picture State 0 Normal Execution CFI State Only CFI instructions allowed Function Call Indirect Jump Function Return

Big Picture State 0 Normal Execution Function Call Indirect Jump Function Return CFI State Only CFI instructions allowed CFI_CALL label CFI_JMP label CFI_RET label

Overview on HAFIX

Overview on HAFIX Contributions Efficient CFI hardware implementation for Intel Siskiyou Peak and SPARC-LEON3 Dedicated CFI instructions and memory

Overview on HAFIX Contributions Efficient CFI hardware implementation for Intel Siskiyou Peak and SPARC-LEON3 Dedicated CFI instructions and memory HAFIX Policies 1. Function returns only allowed to target active call sites or the last active call site 2. Function calls need to target a valid function entry

HAFIX++ Strategy Without Tactics: Policy-Agnostic Hardware-Enhanced Control-Flow Integrity [Dean Sullivan, Orlando Arias, Lucas Davi, Per Larsen, Ahmad-Reza Sadeghi, Yier Jin, DAC 2016]

What about attacks inside the benign control flow? How can we attest control-flow paths of an application?

C-FLAT: Control-Flow Attestation of Embedded Systems Software Tigist Abera, N. Asokan, Lucas Davi, Jan-Erik Ekberg, Thomas Nyman, Andrew Paverd, Ahmad-Reza Sadeghi, Gene Tsudik ACM CCS 2016

C-FLAT: Big Picture Verifier Prover App A

C-FLAT: Big Picture Verifier Prover App A Control-Flow Graph (CFG) Analysis

C-FLAT: Big Picture Verifier Prover App A Control-Flow Graph (CFG) Analysis P 1 P 2

C-FLAT: Big Picture Verifier Prover App A Control-Flow Graph (CFG) Analysis LP 1 P 1 P 2

C-FLAT: Big Picture Verifier Prover App A Control-Flow Graph (CFG) Analysis LP 1 Path Measurement App A P 1 P 1, #LP 1 P 2 P 1 P 2

C-FLAT: Big Picture Verifier Prover App A Control-Flow Graph (CFG) Analysis LP 1 Path Measurement App A Run-Time Path Measurement P 1 P 1, #LP 1 P 2 P 1 P 2

C-FLAT: Big Picture Verifier Prover App A Control-Flow Graph (CFG) Analysis LP 1 Path Measurement App A Run-Time Path Measurement P 1 P 1, #LP 1 P 2 P 1 P 2 P* 2

C-FLAT: Big Picture Verifier Prover App A Control-Flow Graph (CFG) Analysis Path Measurement Control-Flow Validation Run-Time Path Measurement LP 1 App A P 1 P 1, #LP 1 P 2 P 1 P 2 P* 2

C-FLAT: Big Picture Verifier Prover App A Control-Flow Graph (CFG) Analysis Path Measurement Control-Flow Validation Run-Time Path Measurement LP 1 App A P 1 P 1, #LP 1 P 2 P* 2 P 1 P 2 P* 2

C-FLAT: Big Picture Verifier Prover App A Control-Flow Graph (CFG) Analysis Path Measurement Control-Flow Validation Run-Time Path Measurement LP 1 App A P 1 P 1, #LP 1 P 2 P* 2 P 1 P 2 P* x P* 2

C-FLAT: Big Picture Verifier Prover App A Control-Flow Graph (CFG) Analysis Path Measurement Control-Flow Validation Run-Time Path Measurement LP 1 App A P 1 P* x P 1, #LP 1 P 2 P* 2 P 1 P 2 P* x P* 2

How to attest the executed control flows without transmitting all executed branches?

C-FLAT Measurement Function Cumulative Hash Value: H i = H ( H i-1, N ) H i-1 -- previous hash result N -- instruction block (node) just executed A B C D E F

C-FLAT Measurement Function Cumulative Hash Value: H i = H ( H i-1, N ) H i-1 -- previous hash result N -- instruction block (node) just executed A H 1 = H(0,A) B C D E F

C-FLAT Measurement Function Cumulative Hash Value: H i = H ( H i-1, N ) H i-1 -- previous hash result N -- instruction block (node) just executed H 2 = H( H 1,B) H 1 = H(0,A) A B C D E F

C-FLAT Measurement Function Cumulative Hash Value: H i = H ( H i-1, N ) H i-1 -- previous hash result N -- instruction block (node) just executed H 2 = H( H 1,B) H 1 = H(0,A) A B C D E H 3 = H( H 2,C) H 4 = H( H 2,D) F

C-FLAT Measurement Function Cumulative Hash Value: H i = H ( H i-1, N ) H i-1 -- previous hash result N -- instruction block (node) just executed H 2 = H( H 1,B) H 1 = H(0,A) A B C D H 3 = H( H 2,C) H 4 = H( H 2,D) E F H 5 = H( H 2,E) H 6 = H( H 5,F)

Loops are a challenge! Different loop paths and loop iterations lead to many valid hash values

C-FLAT Approach: Treat loops as sub-graphs and report their hash values and # of iterations separately

C-FLAT Approach: Treat loops as sub-graphs and report their hash values and # of iterations separately H Final H loop-entry Loop Entry Hash H loop_1,#h loop_1 H loop_2,#h loop_2 Loop Hash,Iteration

Prototype Architecture Implementation on Raspberry Pi 2 Application Binary Trampolines Measurement Engine and Attestation Hardware

Evaluation: Case Studies Syringe Pump Soldering Iron Temperature Controller

Syringe Pump Source: https://hackaday.io/project/1838- open-syringe-pump

Syringe Pump Source: https://hackaday.io/project/1838- open-syringe-pump Original implementation targets Arduino boards We ported the code to Raspberry Pi 13,000 instructions with 332 CFG edges of which 20 are loops Main functions are set-quantity and move-syringe

Applying C-FLAT to Syringe Pump main() while (1) { if (serialready()) { processserial(); } } Please note that this slide shows a simplified view of the Syringe pump code and control-flow graph.

Applying C-FLAT to Syringe Pump main() while (1) { if (serialready()) { cfa_init; processserial(); cfa_quote; } } Please note that this slide shows a simplified view of the Syringe pump code and control-flow graph.

Applying C-FLAT to Syringe Pump main() while (1) { if (serialready()) { cfa_init; processserial(); cfa_quote; } } processserial() if (input == + ) { action(push,bolus); updatescreen(); } else if (input == - ) { action(pull,bolus); updatescreen(); } action(direction,bolus) steps = bolus * steps_per_ml if (direction == PUSH) { /* set stepper direction */ } else { /* PULL */ /* set stepper direction */ } for (steps) { /* move stepper */ } bolus = dose of drug; volume of cylinder for a particular height x Please note that this slide shows a simplified view of the Syringe pump code and control-flow graph.

Applying C-FLAT to Syringe Pump while (1) { if (serialready()) { cfa_init; processserial(); 1 cfa_quote; 14 } } 2 10 13 if (input == + ) { action(push,bolus); 3 updatescreen(); 9 } else if (input == - ) { } main() processserial() action(pull,bolus); updatescreen(); 11 12 4 5 6 7 8 action(direction,bolus) steps = bolus * steps_per_ml if (direction == PUSH) { /* set stepper direction */ } else { /* PULL */ /* set stepper direction */ } for (steps) { /* move stepper */ } bolus = dose of drug; volume of cylinder for a particular height x Please note that this slide shows a simplified view of the Syringe pump code and control-flow graph.

Final Hash Measurements 4 5 6 7 8 action(direction,bolus) steps = bolus * steps_per_ml if (direction = PUSH) { /* set stepper direction */ } else /* PULL */ /* set stepper direction */ } for (steps) { /* move stepper */ } Final Measurements for PUSH, PULL operations: b3 c5 ca c4 6f dc 6a d0 4a 80 10 09 af a3 59 70 e0 9a f6 48 11 65 17 94 a7 0b 06 f0 ba e4 75 75

C-FLAT Log for PUSH action PUSH 0.1 ml Used 0.100 ml Bolus 0.100 ml [INFO] cfa_quote: 57 92 0f 9e 98 47 30 bb a5 f7 5d 2a dc 8a 7b 5f [INFO] loop[000]: b3 c5 ca c4 6f dc 6a d0 4a 80 10 09 af a3 59 70 [INFO] path[000]: 97 78 fb fc 93 09 4e d7 ac 32 5d 65 eb 29 08 0c (682) [INFO] loop[001]: eb 16 88 8a d2 3b c6 19 f9 01 94 5d ee cb 1c 13 [INFO] path[000]: b9 7d cf 8d 00 b6 5f 63 b3 7c 60 e4 e3 be 56 17 (1) [INFO] loop[002]: 6d 05 6e b2 3a 27 1e 2b 78 3e f9 4c e3 a7 cb f8 [INFO] path[000]: 62 f7 b8 0b 65 4b de 35 c7 05 bc 28 06 43 11 6e (2) [INFO] loop[003]: eb 16 88 8a d2 3b c6 19 f9 01 94 5d ee cb 1c 13 [INFO] path[000]: b9 7d cf 8d 00 b6 5f 63 b3 7c 60 e4 e3 be 56 17 (3) [INFO] loop[004]: f5 77 b7 94 bd 6c 81 e2 2f 36 da ad cd df 56 6e [INFO] path[000]: 67 c6 5e d4 18 13 02 bc 4a 5d 60 a0 16 85 f4 ed (9) [INFO] path[001]: 78 19 af 09 0f d5 64 f4 39 b4 7a 0d 97 57 77 8c (2) [INFO] loop[005]: eb 16 88 8a d2 3b c6 19 f9 01 94 5d ee cb 1c 13 [INFO] path[000]: b9 7d cf 8d 00 b6 5f 63 b3 7c 60 e4 e3 be 56 17 (1) [INFO] loop[006]: 6d 05 6e b2 3a 27 1e 2b 78 3e f9 4c e3 a7 cb f8 [INFO] path[000]: 62 f7 b8 0b 65 4b de 35 c7 05 bc 28 06 43 11 6e (2) [INFO] loop[007]: eb 16 88 8a d2 3b c6 19 f9 01 94 5d ee cb 1c 13 [INFO] path[000]: b9 7d cf 8d 00 b6 5f 63 b3 7c 60 e4 e3 be 56 17 (3) [INFO] loop[008]: ca 34 cb 8a 0b 8a 76 41 0f 59 e9 b2 8d 76 91 30 [INFO] path[000]: 67 c6 5e d4 18 13 02 bc 4a 5d 60 a0 16 85 f4 ed (10) [INFO] path[001]: 78 19 af 09 0f d5 64 f4 39 b4 7a 0d 97 57 77 8c (2) [INFO] loop[009]: 2d 80 99 2c f1 61 b1 19 53 4d 0a 96 be be a8 1f [INFO] path[000]: 74 af 0f dc 3b 17 ff 67 03 72 d0 db fe b5 94 78 (13) [INFO] loop[010]: d2 32 da 39 c8 7f 0d bb 13 c0 a7 12 7d 4b 0c ce [INFO] path[000]: 74 af 0f dc 3b 17 ff 67 03 72 d0 db fe b5 94 78 (2) [INFO] loop[011]: 73 e3 be b7 33 30 58 5a 59 1b 2b c0 60 50 c6 36 [INFO] path[000]: 74 af 0f dc 3b 17 ff 67 03 72 d0 db fe b5 94 78 (14) [INFO] loop[012]: c2 88 83 00 68 dd 41 32 2c 0d 37 f6 d3 be fd 09 [INFO] path[000]: 74 af 0f dc 3b 17 ff 67 03 72 d0 db fe b5 94 78 (2) PUSH 0.2 ml Used 0.200 ml Bolus 0.200 ml [INFO] cfa_quote: 57 92 0f 9e 98 47 30 bb a5 f7 5d 2a dc 8a 7b 5f [INFO] loop[000]: b3 c5 ca c4 6f dc 6a d0 4a 80 10 09 af a3 59 70 [INFO] path[000]: 97 78 fb fc 93 09 4e d7 ac 32 5d 65 eb 29 08 0c (1365) [INFO] loop[001]: eb 16 88 8a d2 3b c6 19 f9 01 94 5d ee cb 1c 13 [INFO] path[000]: b9 7d cf 8d 00 b6 5f 63 b3 7c 60 e4 e3 be 56 17 (1) [INFO] loop[002]: 6d 05 6e b2 3a 27 1e 2b 78 3e f9 4c e3 a7 cb f8 [INFO] path[000]: 62 f7 b8 0b 65 4b de 35 c7 05 bc 28 06 43 11 6e (2) [INFO] loop[003]: eb 16 88 8a d2 3b c6 19 f9 01 94 5d ee cb 1c 13 [INFO] path[000]: b9 7d cf 8d 00 b6 5f 63 b3 7c 60 e4 e3 be 56 17 (3) [INFO] loop[004]: f5 77 b7 94 bd 6c 81 e2 2f 36 da ad cd df 56 6e [INFO] path[000]: 67 c6 5e d4 18 13 02 bc 4a 5d 60 a0 16 85 f4 ed (9) [INFO] path[001]: 78 19 af 09 0f d5 64 f4 39 b4 7a 0d 97 57 77 8c (2) [INFO] loop[005]: eb 16 88 8a d2 3b c6 19 f9 01 94 5d ee cb 1c 13 [INFO] path[000]: b9 7d cf 8d 00 b6 5f 63 b3 7c 60 e4 e3 be 56 17 (1) [INFO] loop[006]: 6d 05 6e b2 3a 27 1e 2b 78 3e f9 4c e3 a7 cb f8 [INFO] path[000]: 62 f7 b8 0b 65 4b de 35 c7 05 bc 28 06 43 11 6e (2) [INFO] loop[007]: eb 16 88 8a d2 3b c6 19 f9 01 94 5d ee cb 1c 13 [INFO] path[000]: b9 7d cf 8d 00 b6 5f 63 b3 7c 60 e4 e3 be 56 17 (3) [INFO] loop[008]: ca 34 cb 8a 0b 8a 76 41 0f 59 e9 b2 8d 76 91 30 [INFO] path[000]: 67 c6 5e d4 18 13 02 bc 4a 5d 60 a0 16 85 f4 ed (10) [INFO] path[001]: 78 19 af 09 0f d5 64 f4 39 b4 7a 0d 97 57 77 8c (2) [INFO] loop[009]: 2d 80 99 2c f1 61 b1 19 53 4d 0a 96 be be a8 1f [INFO] path[000]: 74 af 0f dc 3b 17 ff 67 03 72 d0 db fe b5 94 78 (13) [INFO] loop[010]: d2 32 da 39 c8 7f 0d bb 13 c0 a7 12 7d 4b 0c ce [INFO] path[000]: 74 af 0f dc 3b 17 ff 67 03 72 d0 db fe b5 94 78 (2) [INFO] loop[011]: 73 e3 be b7 33 30 58 5a 59 1b 2b c0 60 50 c6 36 [INFO] path[000]: 74 af 0f dc 3b 17 ff 67 03 72 d0 db fe b5 94 78 (14) [INFO] loop[012]: c2 88 83 00 68 dd 41 32 2c 0d 37 f6 d3 be fd 09 [INFO] path[000]: 74 af 0f dc 3b 17 ff 67 03 72 d0 db fe b5 94 78 (2)

C-FLAT Log for PUSH action PUSH 0.1 ml Used 0.100 ml Bolus 0.100 ml [INFO] cfa_quote: 57 92 0f 9e 98 47 30 bb a5 f7 5d 2a dc 8a 7b 5f PUSH 0.2 ml Used 0.200 ml Bolus 0.200 ml [INFO] cfa_quote: 57 92 0f 9e 98 47 30 bb a5 f7 5d 2a dc 8a 7b 5f [INFO] loop[000]: b3 c5 ca c4 6f dc 6a d0 4a 80 10 09 af a3 59 70 [INFO] path[000]: 97 78 fb fc 93 09 4e d7 ac 32 5d 65 eb 29 08 0c (682) [INFO] loop[001]: eb 16 88 8a d2 3b c6 19 f9 01 94 5d ee cb 1c 13 [INFO] path[000]: b9 7d cf 8d 00 b6 5f 63 b3 7c 60 e4 e3 be 56 17 (1) [INFO] loop[002]: 6d 05 6e b2 3a 27 1e 2b 78 3e f9 4c e3 a7 cb f8 [INFO] path[000]: 62 f7 b8 0b 65 4b de 35 c7 05 bc 28 06 43 11 6e (2) [INFO] loop[003]: eb 16 88 8a d2 3b c6 19 f9 01 94 5d ee cb 1c 13 [INFO] path[000]: b9 7d cf 8d 00 b6 5f 63 b3 7c 60 e4 e3 be 56 17 (3) [INFO] loop[004]: f5 77 b7 94 bd 6c 81 e2 2f 36 da ad cd df 56 6e [INFO] path[000]: 67 c6 5e d4 18 13 02 bc 4a 5d 60 a0 16 85 f4 ed (9) [INFO] path[001]: 78 19 af 09 0f d5 64 f4 39 b4 7a 0d 97 57 77 8c (2) [INFO] loop[005]: eb 16 88 8a d2 3b c6 19 f9 01 94 5d ee cb 1c 13 [INFO] path[000]: b9 7d cf 8d 00 b6 5f 63 b3 7c 60 e4 e3 be 56 17 (1) [INFO] loop[006]: 6d 05 6e b2 3a 27 1e 2b 78 3e f9 4c e3 a7 cb f8 [INFO] path[000]: 62 f7 b8 0b 65 4b de 35 c7 05 bc 28 06 43 11 6e (2) [INFO] loop[007]: eb 16 88 8a d2 3b c6 19 f9 01 94 5d ee cb 1c 13 [INFO] path[000]: b9 7d cf 8d 00 b6 5f 63 b3 7c 60 e4 e3 be 56 17 (3) [INFO] loop[008]: ca 34 cb 8a 0b 8a 76 41 0f 59 e9 b2 8d 76 91 30 [INFO] path[000]: 67 c6 5e d4 18 13 02 bc 4a 5d 60 a0 16 85 f4 ed (10) [INFO] path[001]: 78 19 af 09 0f d5 64 f4 39 b4 7a 0d 97 57 77 8c (2) [INFO] loop[009]: 2d 80 99 2c f1 61 b1 19 53 4d 0a 96 be be a8 1f [INFO] path[000]: 74 af 0f dc 3b 17 ff 67 03 72 d0 db fe b5 94 78 (13) [INFO] loop[010]: d2 32 da 39 c8 7f 0d bb 13 c0 a7 12 7d 4b 0c ce [INFO] path[000]: 74 af 0f dc 3b 17 ff 67 03 72 d0 db fe b5 94 78 (2) [INFO] loop[011]: 73 e3 be b7 33 30 58 5a 59 1b 2b c0 60 50 c6 36 [INFO] path[000]: 74 af 0f dc 3b 17 ff 67 03 72 d0 db fe b5 94 78 (14) [INFO] loop[012]: c2 88 83 00 68 dd 41 32 2c 0d 37 f6 d3 be fd 09 [INFO] path[000]: 74 af 0f dc 3b 17 ff 67 03 72 d0 db fe b5 94 78 (2) [INFO] loop[000]: b3 c5 ca c4 6f dc 6a d0 4a 80 10 09 af a3 59 70 [INFO] path[000]: 97 78 fb fc 93 09 4e d7 ac 32 5d 65 eb 29 08 0c (1365) [INFO] loop[001]: eb 16 88 8a d2 3b c6 19 f9 01 94 5d ee cb 1c 13 [INFO] path[000]: b9 7d cf 8d 00 b6 5f 63 b3 7c 60 e4 e3 be 56 17 (1) [INFO] loop[002]: 6d 05 6e b2 3a 27 1e 2b 78 3e f9 4c e3 a7 cb f8 [INFO] path[000]: 62 f7 b8 0b 65 4b de 35 c7 05 bc 28 06 43 11 6e (2) [INFO] loop[003]: eb 16 88 8a d2 3b c6 19 f9 01 94 5d ee cb 1c 13 [INFO] path[000]: b9 7d cf 8d 00 b6 5f 63 b3 7c 60 e4 e3 be 56 17 (3) [INFO] loop[004]: f5 77 b7 94 bd 6c 81 e2 2f 36 da ad cd df 56 6e [INFO] path[000]: 67 c6 5e d4 18 13 02 bc 4a 5d 60 a0 16 85 f4 ed (9) [INFO] path[001]: 78 19 af 09 0f d5 64 f4 39 b4 7a 0d 97 57 77 8c (2) [INFO] loop[005]: eb 16 88 8a d2 3b c6 19 f9 01 94 5d ee cb 1c 13 [INFO] path[000]: b9 7d cf 8d 00 b6 5f 63 b3 7c 60 e4 e3 be 56 17 (1) [INFO] loop[006]: 6d 05 6e b2 3a 27 1e 2b 78 3e f9 4c e3 a7 cb f8 [INFO] path[000]: 62 f7 b8 0b 65 4b de 35 c7 05 bc 28 06 43 11 6e (2) [INFO] loop[007]: eb 16 88 8a d2 3b c6 19 f9 01 94 5d ee cb 1c 13 [INFO] path[000]: b9 7d cf 8d 00 b6 5f 63 b3 7c 60 e4 e3 be 56 17 (3) [INFO] loop[008]: ca 34 cb 8a 0b 8a 76 41 0f 59 e9 b2 8d 76 91 30 [INFO] path[000]: 67 c6 5e d4 18 13 02 bc 4a 5d 60 a0 16 85 f4 ed (10) [INFO] path[001]: 78 19 af 09 0f d5 64 f4 39 b4 7a 0d 97 57 77 8c (2) [INFO] loop[009]: 2d 80 99 2c f1 61 b1 19 53 4d 0a 96 be be a8 1f [INFO] path[000]: 74 af 0f dc 3b 17 ff 67 03 72 d0 db fe b5 94 78 (13) [INFO] loop[010]: d2 32 da 39 c8 7f 0d bb 13 c0 a7 12 7d 4b 0c ce [INFO] path[000]: 74 af 0f dc 3b 17 ff 67 03 72 d0 db fe b5 94 78 (2) [INFO] loop[011]: 73 e3 be b7 33 30 58 5a 59 1b 2b c0 60 50 c6 36 [INFO] path[000]: 74 af 0f dc 3b 17 ff 67 03 72 d0 db fe b5 94 78 (14) [INFO] loop[012]: c2 88 83 00 68 dd 41 32 2c 0d 37 f6 d3 be fd 09 [INFO] path[000]: 74 af 0f dc 3b 17 ff 67 03 72 d0 db fe b5 94 78 (2) Only the number of loop iterations is different per bolus 682 (0.1 ml), 1365 (0.2 ml)

Attacking the Syringe Pumb Constructed several exploits to validate the effectiveness of C-FLAT Control-flow attack uses ROP to dispense liquid at unexpected time C-FLAT detects attack due to unexpected measurement Non-control-data attack that dispenses more liquid than requested C-FLAT detects attack due to an unexpectedly high number of loop iterations

Discussion on C-FLAT C-FLAT attests control flow Pure data attacks that don t affect control flow are not covered

Discussion on C-FLAT C-FLAT attests control flow Pure data attacks that don t affect control flow are not covered Scalability depends on program size and complexity We target typical (simple) embedded software, e.g., Syringe Pump that scales well for C-FLAT Reducing context switch overhead ARMv8 Cortex-A53 needs ~3700 cycles at 800MHz; TrustZone-M only requires a few cycles

Open Challenges

Open Challenges CFI enforcement in the context of real-time operating systems and autonomous system

Open Challenges CFI enforcement in the context of real-time operating systems and autonomous system Addressing new attack techniques (e.g., dataoriented exploits, rowhammer)

Open Challenges CFI enforcement in the context of real-time operating systems and autonomous system Addressing new attack techniques (e.g., dataoriented exploits, rowhammer) Control-flow attestation of a network of devices inside an autonomous car