# A Verified Architecture for Proofs of Execution on Remote Devices under   Full Software Compromise

**Authors:** Ivan De Oliveira Nunes, Karim Eldefrawy, Norrathep Rattanavipanon,, Gene Tsudik

arXiv: 1908.02444 · 2020-01-14

## TL;DR

This paper introduces VAPE, a verified architecture ensuring trustworthy execution proofs on remote, potentially compromised devices, enabling secure sensing and actuation in safety-critical cyber-physical systems.

## Contribution

It presents the first verified architecture for proofs of execution on low-end embedded systems, with formal security guarantees and low overhead.

## Key findings

- VAPE is secure against software compromise.
- VAPE incurs low computational overhead.
- Applicable to low-end embedded devices like MSP430 and ATMega.

## Abstract

Modern society is increasingly surrounded by, and accustomed to, a wide range of Cyber-Physical Systems (CPS), Internet-of-Things (IoT), and smart devices. They often perform safety-critical functions, e.g., personal medical devices, automotive CPS and industrial automation (smart factories). Some devices are small, cheap and specialized sensors and/or actuators. They tend to run simple software and operate under control of a more sophisticated central control unit. The latter is responsible for the decision-making and orchestrating the entire system. If devices are left unprotected, consequences of forged sensor readings or ignored actuation commands can be catastrophic, particularly, in safety-critical settings. This prompts the following three questions: (1) How to trust data produced by a simple remote embedded device? and (2) How to ascertain that this data was produced via execution of expected software? Furthermore, (3) Is it possible to attain (1) and (2) under the assumption that all software on the remote device could be modified or compromised?   In this paper we answer these questions by designing, proving security of, and formally verifying, VAPE: Verified Architecture for Proofs of Execution. To the best of our knowledge, this is the first of its kind result for low-end embedded systems. Our work has a range of applications, especially, to authenticated sensing and trustworthy actuation, which are increasingly relevant in the context of safety-critical systems. VAPE architecture is publicly available and our evaluation demonstrates that it incurs low overhead, affordable even for lowest-end embedded devices, e.g., those based on MSP430 or ARV ATMega processors.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1908.02444/full.md

## Figures

23 figures with captions in the complete paper: https://tomesphere.com/paper/1908.02444/full.md

## References

48 references — full list in the complete paper: https://tomesphere.com/paper/1908.02444/full.md

---
Source: https://tomesphere.com/paper/1908.02444