Thursday 23 January 2025
The quest for secure embedded systems has led researchers to develop innovative solutions to protect these devices from malicious attacks. One such approach is ENOLA, a control-flow attestation framework designed to verify the integrity of an embedded system’s execution path. In essence, ENOLA ensures that the system’s behavior matches its expected control flow, thereby preventing unauthorized modifications.
ENOLA achieves this by instrumenting the code with additional instructions that generate measurements for various branch points. These measurements are then stored in a data structure called the occurrence trace (TO), which serves as proof of the system’s correct execution path. The TO is combined with the generated measurements to create an authentication report, which can be used to verify the system’s integrity.
The ENOLA framework consists of several key components: the ENOLA compiler, which generates and instruments the code; the ENOLA attestation engine, responsible for verifying the system’s control-flow path; and the ENOLA verifier, which checks the authenticity of the TO. The framework uses a novel pointer authentication code (PAC) to sign the measurements, ensuring their integrity.
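A minimal model of the scheme described above, as an added example that is not code from ENOLA or from this article: instrumented branch sites update a chained keyed measurement and an occurrence trace, and a verifier searches for a legal path that matches both. The site ids, the control-flow graph, `report_t`, `mix()` (a toy keyed mixer standing in for PAC-based signing) and the path-search verifier are all assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>
#define NSITES 4 /* constructed CFG: 0=entry (implicit start), 1=loop head, 2=loop body, 3=exit */
static const uint8_t cfg[NSITES][NSITES] = { /* cfg[a][b] = 1 if edge a->b is legal */
    {0,1,0,0}, {0,0,1,1}, {0,1,0,0}, {0,0,0,0} };
typedef struct { uint32_t occ[NSITES]; uint64_t meas; } report_t; /* hypothetical report layout */

/* Toy keyed mixer standing in for PAC-based signing; NOT cryptographically secure. */
static uint64_t mix(uint64_t key, uint64_t prev, uint32_t site) {
    uint64_t x = (prev ^ key ^ site) * 0x100000001b3ULL;
    return x ^ (x >> 29);
}
/* Prover: the instrumentation calls this at every branch site. */
static void cfa_measure(report_t *r, uint64_t key, uint32_t site) {
    r->occ[site]++;                      /* occurrence trace */
    r->meas = mix(key, r->meas, site);   /* order-sensitive chained measurement */
}
/* Hypothetical attested workload; `hijack` models a diverted branch (illegal edge 2->2). */
static report_t run_prover(uint64_t key, int n, int hijack) {
    report_t r; memset(&r, 0, sizeof r);
    for (int i = 0; i < n; i++) { cfa_measure(&r, key, 1); cfa_measure(&r, key, 2); }
    if (hijack) cfa_measure(&r, key, 2);
    cfa_measure(&r, key, 1); cfa_measure(&r, key, 3);
    return r;
}
/* Verifier: look for a CFG-legal path that consumes exactly the reported
 * occurrence counts, ends at the exit site and reproduces the measurement. */
static int replay(uint64_t key, uint32_t cur, uint64_t m, uint32_t *left, const report_t *r) {
    uint32_t rest = 0;
    for (int i = 0; i < NSITES; i++) rest += left[i];
    if (rest == 0) return cur == 3 && m == r->meas;
    for (uint32_t nx = 0; nx < NSITES; nx++) {
        if (!cfg[cur][nx] || left[nx] == 0) continue;
        left[nx]--;
        int ok = replay(key, nx, mix(key, m, nx), left, r);
        left[nx]++;
        if (ok) return 1;
    }
    return 0;
}
static int verify(uint64_t key, const report_t *r) {
    uint32_t left[NSITES];
    memcpy(left, r->occ, sizeof left);
    return replay(key, 0, 0, left, r);   /* execution starts at site 0, measurement 0 */
}
int main(void) {
    report_t good = run_prover(0x5eedULL, 3, 0), bad = run_prover(0x5eedULL, 3, 1);
    return !(verify(0x5eedULL, &good) == 1 && verify(0x5eedULL, &bad) == 0);
}
```

In this constructed graph the counts alone expose the diverted branch; the chained measurement is what binds the report to the key and to the order of the sites.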
ENOLA has been evaluated on real-world applications, including the Embench and wolfSSL benchmarks. Results show that the framework incurs minimal runtime overhead, with instrumentation sites accounting for 1-3% of the total code size. The TO generated by ENOLA is typically small, consisting of only a few hundred bytes.
The authors demonstrate the effectiveness of ENOLA using a case study on the crc32 Embench application. They show how ENOLA can detect unauthorized modifications to the system’s control-flow path and provide evidence for its correct execution. The framework’s ability to verify the integrity of embedded systems makes it an attractive solution for securing critical infrastructure, such as medical devices or autonomous vehicles.
ENOLA’s innovative approach to control-flow attestation has significant implications for the security of embedded systems. By providing a robust means of verifying the system’s behavior, ENOLA enables developers to build trust in their code and ensures that their devices operate as intended. As the use of embedded systems continues to grow, ENOLA is poised to play a crucial role in securing these devices against malicious attacks.
Cite this article: “ENOLA: A Control-Flow Attestation Framework for Secure Embedded Systems”, The Science Archive, 2025.
Embedded Systems, Security, Control-Flow Attestation, ENOLA, Integrity, Verification, Authentication, Compiler, Attestation Engine, Verifier, Pointer Authentication Code (PAC)







