Boosting Device Utilization in Control Flow Auditing
Alexandra Lengert, Adam Ilyas Caulfield, Ivan De Oliveira Nunes

TL;DR
This paper introduces CARAMEL, a hardware-software co-design that enhances control flow auditing in MCUs by allowing resumed application execution during evidence transmission, significantly improving CPU utilization while maintaining security.
Contribution
CARAMEL's novel architecture reduces contention in control flow auditing, enabling resumed application execution during evidence transmission without compromising security.
Findings
Substantially improved CPU utilization.
Modest hardware cost for implementation.
Open-source implementation and evaluation.
Abstract
Micro-Controller Units (MCUs) are widely used in safety-critical systems, making them attractive targets for attacks. This calls for lightweight defenses that remain effective despite software compromise. Control Flow Auditing (CFAud) is one such mechanism wherein a remote verifier (Vrf) is guaranteed to receive evidence about the control flow path taken on a prover (Prv) MCU, even when Prv software is compromised. Despite promising benefits, current CFAud architectures unfortunately require a "busy-wait" phase where a hardware-anchored root-of-trust (RoT) in Prv retains execution control to ensure delivery of control flow evidence to Vrf. This drastically reduces the CPU utilization on Prv. In this work, we address this limitation with an architecture for Contention Avoidance in Runtime Auditing with Minimized Execution Latency (CARAMEL). CARAMEL is a hardware-software RoT…
Taxonomy
Topics: Security and Verification in Computing · Smart Grid Security and Resilience · Safety Systems Engineering in Autonomy
