A1 Journal article (refereed)
Nanovised Control Flow Attestation (2022)

Ben Yehuda, R., Kiperberg, M., & Zaidenberg, N. J. (2022). Nanovised Control Flow Attestation. Applied Sciences, 12(5), Article 2669. https://doi.org/10.3390/app12052669

JYU authors or editors

Publication details

All authors or editors: Ben Yehuda, Raz; Kiperberg, Michael; Zaidenberg, Nezer Jacob

Journal or series: Applied Sciences

eISSN: 2076-3417

Publication year: 2022

Publication date: 04/03/2022

Volume: 12

Issue number: 5

Article number: 2669

Publisher: MDPI AG

Publication country: Switzerland

Publication language: English

DOI: https://doi.org/10.3390/app12052669

Publication open access: Openly available

Publication channel open access: Open Access channel

Publication is parallel published (JYX): https://jyx.jyu.fi/handle/123456789/80179

Abstract

This paper presents an improvement of control flow attestation (C-FLAT) for Linux. C-FLAT is a control attestation system for embedded devices. It was implemented as a software executing in ARM’s TrustZone on bare-metal devices. We extend the design and implementation of C-FLAT through the use of a type 2 Nanovisor in the Linux operating system. We call our improved system “C-FLAT Linux”. Compared to the original C-FLAT, C-FLAT Linux reduces processing overheads and is able to detect the SlowLoris attack. We describe the architecture of C-FLAT Linux and provide extensive measurements of its performance in benchmarks and real-world scenarios. In addition, we demonstrate the detection of the SlowLoris attack on the Apache web server.

Keywords: data security; access control; virtualisation; Linux

Free keywords: hypervisor; ARM; Linux; control flow; SlowLoris; TrustZone

Contributing organizations

Ministry reporting: Yes

Reporting Year: 2022

Preliminary JUFO rating: 1