Explore a comprehensive IEEE conference talk on OAT (Operation Attestation), a novel system for attesting operation integrity of embedded devices in IoT/CPS systems. Learn about the formulation of Operation Execution Integrity (OEI) and how OAT enables remote attestation for ARM-based bare-metal embedded devices. Discover the innovative control-flow measurement scheme, abstract execution for remote verification, and lightweight integrity checking for critical data. Understand the security implications, including detection of control flow hijacks and data-only attacks on IoT devices. Examine the implementation details, performance tests, and security analysis of OAT, which achieves a 97% space reduction in measurement collection and a 74% reduction in instrumentation compared to previous approaches, while incurring only a 2.7% runtime overhead.
OAT - Attesting Operation Integrity of Embedded Devices
Overview
Syllabus
Intro
The unverifiable (blind) trust
Existing solutions -- attestation
Example: vulnerable robotic arm
Our Solution
OEI (Operation Exec. Integrity)
OEI: two sub-properties
Attestation Challenges
OAT (OEI Attestation Framework)
Threat model
Operations
CFI Attestation
Intuitive measurement schemes
A hybrid scheme
Measurement Collection & Verification
Critical variable identification
Existing data integrity checks
Def-Use Value Integrity (DVI)
Implementation notes
Tests on real embedded firmware
Micro Performance Tests
Comparisons
Security Tests & Analysis
Conclusion
Taught by
IEEE Symposium on Security and Privacy
