NSGA-II-Based Granularity-Adaptive Control-Flow Attestation

Since the widespread adoption of edge computing and IoT technology, Control-Flow Hijacking (CFH) attacks targeting programs in resource-constrained embedded devices have become prevalent. While Coarse-Grained Control-Flow integrity Attestation (CGCFA) lacks accuracy for CFH attack detection...

Bibliographic Details
Main authors: Jing Zhan, Yongzhen Li, Yifan Liu, Hongchao Li, Shuai Zhang, Li Lin
Format: article
Language: EN
Published: Hindawi-Wiley 2021
Subjects:
Online access: https://doaj.org/article/f0174519b3df48fca02b08e55ff6d51d
id oai:doaj.org-article:f0174519b3df48fca02b08e55ff6d51d
record_format dspace
spelling oai:doaj.org-article:f0174519b3df48fca02b08e55ff6d51d
2021-11-29T00:56:37Z
NSGA-II-Based Granularity-Adaptive Control-Flow Attestation
1939-0122
10.1155/2021/2914192
https://doaj.org/article/f0174519b3df48fca02b08e55ff6d51d
2021-01-01T00:00:00Z
http://dx.doi.org/10.1155/2021/2914192
https://doaj.org/toc/1939-0122
Security and Communication Networks, Vol 2021 (2021)
institution DOAJ
collection DOAJ
language EN
topic Technology (General)
T1-995
Science (General)
Q1-390
description Since the widespread adoption of edge computing and IoT technology, Control-Flow Hijacking (CFH) attacks targeting programs in resource-constrained embedded devices have become prevalent. While Coarse-Grained Control-Flow integrity Attestation (CGCFA) lacks accuracy for CFH attack detection, Fine-Grained Control-Flow integrity Attestation (FGCFA) detects the attacks more accurately but with high overheads, which can be a big burden (e.g., to industrial control systems with strict performance requirements). In this paper, we propose an NSGA-II (Nondominated Sorting Genetic Algorithm-II) based Granularity-Adaptive Control-Flow Attestation (GACFA) for the programs in embedded devices. Specifically, we propose a Granularity-Adaptive Control-Flow representation model to reduce the complexity of programs’ control-flow graphs and propose an NSGA-II-based granularity-adaptive strategy generation algorithm to balance the security and performance requirements. Besides, runtime protection for the GACFA at the program end with SGX is proposed to protect the integrity and confidentiality of control-flow measurement data. The experiments show that our work can find out the best-so-far control-flow granularity with stability and provide secure program attestation for the verifier. In addition, the security/performance benefit of adopting our proposal over CGCFA is 13.7, 25.1, and 43.0 times that of adopting FGCFA over ours in different threat scenarios.
format article
author Jing Zhan
Yongzhen Li
Yifan Liu
Hongchao Li
Shuai Zhang
Li Lin
title NSGA-II-Based Granularity-Adaptive Control-Flow Attestation
publisher Hindawi-Wiley
publishDate 2021
url https://doaj.org/article/f0174519b3df48fca02b08e55ff6d51d