Nanovised Control Flow Attestation

Raz Ben Yehuda, Michael Kiperberg, Nezer Jacob Zaidenberg

Research output: Contribution to journalArticlepeer-review

Abstract

This paper presents an improvement of control flow attestation (C-FLAT) for Linux. C-FLAT is a control attestation system for embedded devices. It was implemented as a software executing in ARM’s TrustZone on bare-metal devices. We extend the design and implementation of C-FLAT through the use of a type 2 Nanovisor in the Linux operating system. We call our improved system “C-FLAT Linux”. Compared to the original C-FLAT, C-FLAT Linux reduces processing overheads and is able to detect the SlowLoris attack. We describe the architecture of C-FLAT Linux and provide extensive measurements of its performance in benchmarks and real-world scenarios. In addition, we demonstrate the detection of the SlowLoris attack on the Apache web server.

Original languageEnglish
Article number2669
JournalApplied Sciences (Switzerland)
Volume12
Issue number5
DOIs
StatePublished - 1 Mar 2022
Externally publishedYes

Keywords

  • ARM
  • Control flow
  • Hypervisor
  • Linux
  • SlowLoris
  • TrustZone

Fingerprint

Dive into the research topics of 'Nanovised Control Flow Attestation'. Together they form a unique fingerprint.

Cite this