C-FLAT: Control-Flow Attestation for Embedded Systems Software

Tigist Abera, N Asokan, Lucas Davi, Jan-Erik Ekberg, Thomas Nyman, Andrew Paverd, Ahmad-Reza Sadeghi, Gene Tsudik

Research output: Chapter in Book/Report/Conference proceedingConference contributionScientificpeer-review

126 Citations (Scopus)


Remote attestation is a crucial security service particularly relevant to increasingly popular IoT (and other embedded) devices. It allows a trusted party (verifier) to learn the state of a remote, and potentially malware-infected, device (prover). Most existing approaches are static in nature and only check whether benign software is initially loaded on the prover. However, they are vulnerable to runtime attacks that hijack the application's control or data flow, e.g., via return-oriented programming or data-oriented exploits. As a concrete step towards more comprehensive runtime remote attestation, we present the design and implementation of Control-FLow ATtestation (C-FLAT) that enables remote attestation of an application's control-flow path, without requiring the source code. We describe a full prototype implementation of C-FLAT on Raspberry Pi using its ARM TrustZone hardware security extensions. We evaluate C-FLAT's performance using a real-world embedded (cyber-physical) application, and demonstrate its efficacy against control-flow hijacking attacks.
Original languageEnglish
Title of host publicationCCS '16 Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security
Pages 743-754
Number of pages12
ISBN (Electronic)978-1-4503-4139-4
Publication statusPublished - 24 Oct 2016
MoE publication typeA4 Article in a conference publication
EventACM Conference on Computer and Communications Security - Hofburg Palace, Vienna, Austria
Duration: 24 Oct 201628 Oct 2016
Conference number: 23


ConferenceACM Conference on Computer and Communications Security
Abbreviated titleCCS
Internet address


Dive into the research topics of 'C-FLAT: Control-Flow Attestation for Embedded Systems Software'. Together they form a unique fingerprint.

Cite this