Search papers, labs, and topics across Lattice.
This paper introduces HPCCFA, a novel Control Flow Attestation (CFA) mechanism for Trusted Execution Environments (TEEs) that leverages Hardware Performance Counters (HPCs) on commodity CPUs for hardware-backed trace generation. HPCCFA enables runtime attestation to detect control flow violations indicative of runtime attacks within the TEE. A proof-of-concept implementation for Keystone on RISC-V demonstrates the feasibility of HPCCFA, revealing a trade-off between detection reliability and performance overhead based on the number of measurement points.
Commodity CPUs can be retrofitted with hardware-backed control flow attestation using hardware performance counters, enabling runtime attack detection in TEEs.
Trusted Execution Environments (TEEs) allow the secure execution of code on remote systems without the need to trust their operators. They use static attestation as a central mechanism for establishing trust, allowing remote parties to verify that their code is executed unmodified in an isolated environment. However, this form of attestation does not cover runtime attacks, where an attacker exploits vulnerabilities in the software inside the TEE. Control Flow Attestation (CFA), a form of runtime attestation, is designed to detect such attacks. In this work, we present a method to extend TEEs with CFA and discuss how it can prevent exploitation in the event of detected control flow violations. Furthermore, we introduce HPCCFA, a mechanism that uses HPCs for CFA purposes, enabling hardware-backed trace generation on commodity CPUs. We demonstrate the feasibility of HPCCFA on a proof-of-concept implementation for Keystone on RISC-V. Our evaluation investigates the interplay of the number of measurement points and runtime protection, and reveals a trade-off between detection reliability and performance overhead.
