A scientific paper entitled “Secure Edge Computing with Lightweight Control-Flow Property-based Attestation” has been co-authored by UBITECH and is presented at the 1st International Workshop on Cyber-Security Threats, Trust and Privacy Management in Software-defined and Virtualized Infrastructures (SecSoft), co-hosted at 5th IEEE International Conference on Network Softwarization (NetSoft 2019), between June 24-28, 2019 in Paris, France. In this paper, Sofianna Menesidou, Panagiotis Gouvas, and their co-authors propose a lightweight dynamic control-flow property-based attestation architecture (CFPA) that can be applied on both resource-constrained edge and cloud devices and services.
It is a first step towards a new line of security mechanisms that enables the provision of control-flow attestation of only those specific, critical software components that are comparatively small, simple and limited in function, thus, allowing for a much more efficient verification. Our goal is to enhance run-time software integrity and trustworthiness with a scalable and decentralized solution eliminating the need for federated infrastructure trust. In particular, through enforceable security policies, we model the behavioural and execution properties (as a sequence of states) of only those safety-critical software functions that need to verified, during run-time, thus reducing the code base to be attested. Such properties mainly include execution paths to specific memory regions, as a result of the invocation of the functions of interest. As part of this novel approach, CFPA allows for the efficient monitoring of a program’s control-flow through periodically computing authenticated and small control-flow footprints. Our proposed solution is scalable and decentralized, removing the need for federated trust of the infrastructure entities in cloud-based environments.
