Nanovised Control Flow Attestation

Raz Ben Yehuda; Michael Kiperberg; Nezer Jacob Zaidenberg

doi:10.3390/app12052669

Applied Sciences (Mar 2022)

Nanovised Control Flow Attestation

Raz Ben Yehuda,
Michael Kiperberg,
Nezer Jacob Zaidenberg

Affiliations

Raz Ben Yehuda: Faculty of Information Technology, University of Jyväskylä, 40014 Jyväskylä, Finland
Michael Kiperberg: Department of Software Engineering, Shamoon College of Engineering, Beer-Sheva 8410802, Israel
Nezer Jacob Zaidenberg: Faculty of Computer Science, College of Management Academic Studies, Rishon LeZion 7579806, Israel

DOI: https://doi.org/10.3390/app12052669
Journal volume & issue: Vol. 12, no. 5
p. 2669

Abstract

Read online

This paper presents an improvement of control flow attestation (C-FLAT) for Linux. C-FLAT is a control attestation system for embedded devices. It was implemented as a software executing in ARM’s TrustZone on bare-metal devices. We extend the design and implementation of C-FLAT through the use of a type 2 Nanovisor in the Linux operating system. We call our improved system “C-FLAT Linux”. Compared to the original C-FLAT, C-FLAT Linux reduces processing overheads and is able to detect the SlowLoris attack. We describe the architecture of C-FLAT Linux and provide extensive measurements of its performance in benchmarks and real-world scenarios. In addition, we demonstrate the detection of the SlowLoris attack on the Apache web server.

Published in Applied Sciences

ISSN: 2076-3417 (Online)
Publisher: MDPI AG
Country of publisher: Switzerland
LCC subjects: Technology: Engineering (General). Civil engineering (General); Science: Biology (General); Science: Physics; Science: Chemistry
Website: http://www.mdpi.com/journal/applsci

About the journal

Abstract

Keywords