Control-Flow Attestation: Concepts, Solutions, and Open Challenges

TL;DR

This paper surveys control-flow attestation, a technique that verifies runtime behavior of devices to ensure security, highlighting core ideas, solutions, challenges, and future research directions.

Contribution

It provides the first comprehensive survey of over 30 control-flow attestation schemes, comparing their features and identifying open challenges.

Findings

Control-flow attestation unifies control-flow integrity and platform attestation.

The area is fragmented with diverse adversarial models and verification methods.

Future research needs to address deployment challenges and standardization.

Abstract

Control-flow attestation unifies the worlds of control-flow integrity and platform attestation by measuring and reporting a target's run-time behaviour to a verifier. Trust assurances in the target are provided by testing whether its execution follows an authorised control-flow path. The problem has been explored in various settings, such as assessing the trustworthiness of cloud platforms, cyber-physical systems, and Internet of Things devices. Despite a significant number of proposals being made in recent years, the area remains fragmented, with different adversarial behaviours, verification paradigms, and deployment challenges being addressed. In this paper, we present the first survey of control-flow attestation, examining the core ideas and solutions in state-of-the-art schemes. In total, we survey over 30 papers published between 2016--2024, consolidate and compare their key features, and pose several challenges and recommendations for future research in the area.