Trusted Execution Environments (TEEs) isolate and check the integrity of processes that need improved security. However, TEEs can only check integrity before launch time, which makes them ineffective against runtime attacks such as Remote Code Execution attacks. Control Flow Attestation (CFA) is a mechanism that detects these runtime attacks by checking a program's control flow for illegal deviations. Even though there are some implementations of CFA on TEEs, such as GuaranTEE, they are bound to the architecture and TEE they are implemented on. This creates the need to port CFA to other available TEEs.
In this work, we discuss three different approaches to implementing CFA on Keystone, an open-source TEE framework and implementation for RISC-V. Using the best-suited of these three approaches, we implemented CFA for RISC-V Keystone Enclaves without any modification to Keystone's core security-critical components. Our proof of concept is able to detect malicious control flow deviations in the inspected program. By combining Keystone's existing guarantees with our runtime attestation feature, we present an even more secure processing environment for a variety of use cases such as cloud computing.