תקציר
This paper presents an improvement of control flow attestation (C-FLAT) for Linux. C-FLAT is a control attestation system for embedded devices. It was implemented as a software executing in ARM’s TrustZone on bare-metal devices. We extend the design and implementation of C-FLAT through the use of a type 2 Nanovisor in the Linux operating system. We call our improved system “C-FLAT Linux”. Compared to the original C-FLAT, C-FLAT Linux reduces processing overheads and is able to detect the SlowLoris attack. We describe the architecture of C-FLAT Linux and provide extensive measurements of its performance in benchmarks and real-world scenarios. In addition, we demonstrate the detection of the SlowLoris attack on the Apache web server.
שפה מקורית | אנגלית |
---|---|
מספר המאמר | 2669 |
כתב עת | Applied Sciences (Switzerland) |
כרך | 12 |
מספר גיליון | 5 |
מזהי עצם דיגיטלי (DOIs) | |
סטטוס פרסום | פורסם - 1 מרץ 2022 |
פורסם באופן חיצוני | כן |