ATRIUM: Runtime attestation resilient under memory attacks

Remote attestation is an important security service that allows a trusted party (verifier) to verify the integrity of a software running on a remote and potentially compromised device (prover). The security of existing remote attestation schemes relies on the assumption that attacks are software-only and that the prover's code cannot be modified at runtime. However, in practice, these schemes can be bypassed in a stronger and more realistic adversary model that is hereby capable of controlling and modifying code memory to attest benign code but execute malicious code instead — leaving the underlying system vulnerable to Time of Check Time of Use (TOCTOU) attacks. In this work, we first demonstrate TOCTOU attacks on recently proposed attestation schemes by exploiting physical access to prover's memory. Then we present the design and proof-of-concept implementation of ATRIUM, a runtime remote attestation system that securely attests both the code's binary and its execution behavior under memory attacks. ATRIUM provides resilience against both software- and hardware-based TOCTOU attacks, while incurring minimal area and performance overhead.

[1]  Karim Eldefrawy SMART: Secure and Minimal Architecture for (Establishing a Dynamic) Root of Trust , 2012, NDSS 2012.

[2]  Ahmad-Reza Sadeghi,et al.  LO-FAT: Low-Overhead control Flow ATtestation in hardware , 2017, 2017 54th ACM/EDAC/IEEE Design Automation Conference (DAC).

[3]  Dawn Xiaodong Song,et al.  SoK: Eternal War in Memory , 2013, 2013 IEEE Symposium on Security and Privacy.

[4]  Hovav Shacham,et al.  When good instructions go bad: generalizing return-oriented programming to RISC , 2008, CCS.

[5]  Mihai Budiu,et al.  Control-flow integrity principles, implementations, and applications , 2009, TSEC.

[6]  Claude Castelluccia,et al.  Code injection attacks on harvard-architecture devices , 2008, CCS.

[7]  George Candea,et al.  Code-pointer integrity , 2014, OSDI.

[8]  Per Larsen,et al.  SoK: Automated Software Diversity , 2014, 2014 IEEE Symposium on Security and Privacy.

[9]  Xeno Kovah,et al.  New Results for Timing-Based Attestation , 2012, 2012 IEEE Symposium on Security and Privacy.

[10]  Zhenkai Liang,et al.  Data-Oriented Programming: On the Expressiveness of Non-control Data Attacks , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[11]  Hovav Shacham,et al.  The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86) , 2007, CCS '07.

[12]  Gene Tsudik,et al.  SMART: Secure and Minimal Architecture for (Establishing Dynamic) Root of Trust , 2012, NDSS.

[13]  Jun Xu,et al.  Non-Control-Data Attacks Are Realistic Threats , 2005, USENIX Security Symposium.

[14]  Bjorn De Sutter,et al.  SCM: Secure Code Memory Architecture , 2017, AsiaCCS.

[15]  Ahmad-Reza Sadeghi,et al.  C-FLAT: Control-Flow Attestation for Embedded Systems Software , 2016, CCS.

[16]  Adrian Perrig,et al.  VIPER: verifying the integrity of PERipherals' firmware , 2011, CCS '11.

[17]  Michael Franz,et al.  Semantic remote attestation: a virtual machine directed approach to trusted computing , 2004 .

[18]  Trent Jaeger,et al.  Design and Implementation of a TCG-based Integrity Measurement Architecture , 2004, USENIX Security Symposium.

[19]  Leah H. Jamieson,et al.  Establishing the Genuinity of Remote Computer Systems , 2003, USENIX Security Symposium.

[20]  Vijay Varadharajan,et al.  TrustLite: a security architecture for tiny embedded devices , 2014, EuroSys '14.

[21]  user surfaces,et al.  Data Execution Prevention , 2011 .

[22]  William A. Arbaugh,et al.  Copilot - a Coprocessor-based Kernel Runtime Integrity Monitor , 2004, USENIX Security Symposium.

[23]  Lionel Torres,et al.  Hardware Mechanisms for Memory Authentication: A Survey of Existing Techniques and Engines , 2009, Trans. Comput. Sci..