RunPBA -- Runtime attestation for microcontrollers with PACBTI

TL;DR

RunPBA is a hardware-based runtime attestation system for microcontrollers that uses PACBTI to defend against control flow attacks with minimal performance overhead, suitable for resource-constrained embedded devices.

Contribution

It introduces PACBTI, a novel processor extension for Arm Cortex M processors, enabling secure runtime attestation without hardware modifications.

Findings

Imposes only 1% and 4.7% performance overhead on benchmarks

Demonstrates effective control flow attack mitigation

Suitable for real-world embedded systems

Abstract

The widespread adoption of embedded systems has led to their deployment in critical real-world applications, making them attractive targets for malicious actors. These devices face unique challenges in mitigating vulnerabilities due to intrinsic constraints, such as low energy consumption requirements and limited computational resources. This paper presents RunPBA, a hardware-based runtime attestation system designed to defend against control flow attacks while maintaining minimal performance overhead and adhering to strict power consumption constraints. RunPBA leverages PACBTI, a new processor extension tailored for the Arm Cortex M processor family, allowing robust protection without requiring hardware modifications, a limitation present in similar solutions. We implemented a proof-of-concept and evaluated it using two benchmark suites. Experimental results indicate that RunPBA imposes a geometric mean performance overhead of only 1% and 4.7% across the benchmarks, underscoring its efficiency and suitability for real-world deployment.