hardware assisted control flow obfuscation for embedded processors xiaotong zhuang tao zhang...
TRANSCRIPT
![Page 1: Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaotong Zhuang Tao Zhang Hsien-Hsin (Sean) Lee Santosh Pande Georgia Institute of Technology](https://reader030.vdocuments.mx/reader030/viewer/2022032516/56649c755503460f94928dbf/html5/thumbnails/1.jpg)
Hardware Assisted Control Flow Obfuscation Hardware Assisted Control Flow Obfuscation
for Embedded Processorsfor Embedded Processors
Xiaotong Zhuang Xiaotong Zhuang Tao Zhang Tao Zhang
Hsien-Hsin (Sean) LeeHsien-Hsin (Sean) Lee Santosh PandeSantosh Pande
Georgia Institute of TechnologyGeorgia Institute of TechnologyAtlanta, GA 30332Atlanta, GA 30332
![Page 2: Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaotong Zhuang Tao Zhang Hsien-Hsin (Sean) Lee Santosh Pande Georgia Institute of Technology](https://reader030.vdocuments.mx/reader030/viewer/2022032516/56649c755503460f94928dbf/html5/thumbnails/2.jpg)
2
Types of Security AttacksTypes of Security Attacks
Software-based attacks
Software reverse engineering, de-assembly
Software patching
Hardware-based physical attacks
Trace system from system bus, peripheral bus
Power/timing differential analysis
Build fake devices, device spoof (MOD chip)
Modify RAM
Replay bus signals, fake bus signal injection
Trigger fake interrupts
• XBOX with MOD-chip installed. MOD-chip is a low cost bus snoop and spoof device widely used to break XBOX security.
![Page 3: Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaotong Zhuang Tao Zhang Hsien-Hsin (Sean) Lee Santosh Pande Georgia Institute of Technology](https://reader030.vdocuments.mx/reader030/viewer/2022032516/56649c755503460f94928dbf/html5/thumbnails/3.jpg)
3
Deficiency in Encryption/AuthenticationDeficiency in Encryption/Authentication
A common approach to protect data from being pirated.
The security strength is provable.
Cannot protect “addresses”
Program control flow is unprotected can be leaked. We will show examples later.
![Page 4: Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaotong Zhuang Tao Zhang Hsien-Hsin (Sean) Lee Santosh Pande Georgia Institute of Technology](https://reader030.vdocuments.mx/reader030/viewer/2022032516/56649c755503460f94928dbf/html5/thumbnails/4.jpg)
4
AgendaAgenda
Secure processor model
Control flow leaking
Hardware obfuscator
Performance Analysis
Conclusion
![Page 5: Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaotong Zhuang Tao Zhang Hsien-Hsin (Sean) Lee Santosh Pande Georgia Institute of Technology](https://reader030.vdocuments.mx/reader030/viewer/2022032516/56649c755503460f94928dbf/html5/thumbnails/5.jpg)
5
Unsecure Processor ModelUnsecure Processor Model
Processor Chip Memory
![Page 6: Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaotong Zhuang Tao Zhang Hsien-Hsin (Sean) Lee Santosh Pande Georgia Institute of Technology](https://reader030.vdocuments.mx/reader030/viewer/2022032516/56649c755503460f94928dbf/html5/thumbnails/6.jpg)
6
Secure Processor ModelSecure Processor Model
Processor Chip Memory
Insecure
Secure
Boundary
![Page 7: Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaotong Zhuang Tao Zhang Hsien-Hsin (Sean) Lee Santosh Pande Georgia Institute of Technology](https://reader030.vdocuments.mx/reader030/viewer/2022032516/56649c755503460f94928dbf/html5/thumbnails/7.jpg)
7
Control Flow Leakage Control Flow Leakage Example 1 Example 1
B1
B2
B3
Control Flow Graph Address Sequence
Assume all code are encrypted
![Page 8: Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaotong Zhuang Tao Zhang Hsien-Hsin (Sean) Lee Santosh Pande Georgia Institute of Technology](https://reader030.vdocuments.mx/reader030/viewer/2022032516/56649c755503460f94928dbf/html5/thumbnails/8.jpg)
8
Control Flow Leakage Control Flow Leakage Example 1 Example 1
B1
B2
B3
Control Flow Graph Address Sequence
Addr(B1)
![Page 9: Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaotong Zhuang Tao Zhang Hsien-Hsin (Sean) Lee Santosh Pande Georgia Institute of Technology](https://reader030.vdocuments.mx/reader030/viewer/2022032516/56649c755503460f94928dbf/html5/thumbnails/9.jpg)
9
Control Flow Leakage Control Flow Leakage Example 1 Example 1
B1
B2
B3
Control Flow Graph Address Sequence
Addr(B1), Addr(B2)
![Page 10: Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaotong Zhuang Tao Zhang Hsien-Hsin (Sean) Lee Santosh Pande Georgia Institute of Technology](https://reader030.vdocuments.mx/reader030/viewer/2022032516/56649c755503460f94928dbf/html5/thumbnails/10.jpg)
10
Control Flow Leakage Control Flow Leakage Example 1 Example 1
B1
B2
B3
Control Flow Graph Address Sequence
Addr(B1), Addr(B2), Addr(B3)
![Page 11: Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaotong Zhuang Tao Zhang Hsien-Hsin (Sean) Lee Santosh Pande Georgia Institute of Technology](https://reader030.vdocuments.mx/reader030/viewer/2022032516/56649c755503460f94928dbf/html5/thumbnails/11.jpg)
11
Control Flow Leakage Control Flow Leakage Example 1 Example 1
B1
B2
B3
Control Flow Graph Address Sequence
Addr(B1), Addr(B2), Addr(B3)
Addr(B1)
![Page 12: Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaotong Zhuang Tao Zhang Hsien-Hsin (Sean) Lee Santosh Pande Georgia Institute of Technology](https://reader030.vdocuments.mx/reader030/viewer/2022032516/56649c755503460f94928dbf/html5/thumbnails/12.jpg)
12
Control Flow Leakage Control Flow Leakage Example 1 Example 1
B1
B2
B3
Control Flow Graph Address Sequence
Addr(B1), Addr(B2), Addr(B3)
Addr(B1), Addr(B2)
![Page 13: Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaotong Zhuang Tao Zhang Hsien-Hsin (Sean) Lee Santosh Pande Georgia Institute of Technology](https://reader030.vdocuments.mx/reader030/viewer/2022032516/56649c755503460f94928dbf/html5/thumbnails/13.jpg)
13
Control Flow Leakage Control Flow Leakage Example 1 Example 1
B1
B2
B3
Control Flow Graph Address Sequence
Addr(B1), Addr(B2), Addr(B3)
Addr(B1), Addr(B2), Addr(B3)….
repeated addresses loop
![Page 14: Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaotong Zhuang Tao Zhang Hsien-Hsin (Sean) Lee Santosh Pande Georgia Institute of Technology](https://reader030.vdocuments.mx/reader030/viewer/2022032516/56649c755503460f94928dbf/html5/thumbnails/14.jpg)
14
Control Flow Leakage Control Flow Leakage Example 2 Example 2
B1
B2
B4
Control Flow Graph Address Sequence
B3
Addr(B1)
![Page 15: Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaotong Zhuang Tao Zhang Hsien-Hsin (Sean) Lee Santosh Pande Georgia Institute of Technology](https://reader030.vdocuments.mx/reader030/viewer/2022032516/56649c755503460f94928dbf/html5/thumbnails/15.jpg)
15
Control Flow Leakage Control Flow Leakage Example 2 Example 2
B1
B2
B4
Control Flow Graph Address Sequence
Addr(B1), Addr(B2)
B3
![Page 16: Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaotong Zhuang Tao Zhang Hsien-Hsin (Sean) Lee Santosh Pande Georgia Institute of Technology](https://reader030.vdocuments.mx/reader030/viewer/2022032516/56649c755503460f94928dbf/html5/thumbnails/16.jpg)
16
Control Flow Leakage Control Flow Leakage Example 2 Example 2
B1
B2
B4
Control Flow Graph Address Sequence
Addr(B1), Addr(B2), Addr(B4)
B3
![Page 17: Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaotong Zhuang Tao Zhang Hsien-Hsin (Sean) Lee Santosh Pande Georgia Institute of Technology](https://reader030.vdocuments.mx/reader030/viewer/2022032516/56649c755503460f94928dbf/html5/thumbnails/17.jpg)
17
Control Flow Leakage Control Flow Leakage Example 2 Example 2
B1
B2
B4
Control Flow Graph Address Sequence
Addr(B1), Addr(B2), Addr(B4)
B3
Addr(B1)
![Page 18: Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaotong Zhuang Tao Zhang Hsien-Hsin (Sean) Lee Santosh Pande Georgia Institute of Technology](https://reader030.vdocuments.mx/reader030/viewer/2022032516/56649c755503460f94928dbf/html5/thumbnails/18.jpg)
18
Control Flow Leakage Control Flow Leakage Example 2 Example 2
B1
B2
B4
Control Flow Graph Address Sequence
Addr(B1), Addr(B2), Addr(B4)
Addr(B1), Addr(B3)
B3
![Page 19: Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaotong Zhuang Tao Zhang Hsien-Hsin (Sean) Lee Santosh Pande Georgia Institute of Technology](https://reader030.vdocuments.mx/reader030/viewer/2022032516/56649c755503460f94928dbf/html5/thumbnails/19.jpg)
19
Control Flow Leakage Control Flow Leakage Example 2 Example 2
B1
B2
B4
Control Flow Graph Address Sequence
Addr(B1), Addr(B2), Addr(B4)
Addr(B1), Addr(B3), Addr(B4)….
B3
either B2 or B3 follows B1 conditional branch
![Page 20: Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaotong Zhuang Tao Zhang Hsien-Hsin (Sean) Lee Santosh Pande Georgia Institute of Technology](https://reader030.vdocuments.mx/reader030/viewer/2022032516/56649c755503460f94928dbf/html5/thumbnails/20.jpg)
20
Critical Data Leakage via Critical Data Leakage via Value-Dependent Conditional BranchesValue-Dependent Conditional Branches
Hacker’s interest : to find X (the secret key)
Only 2 possibilities: key X or X
Let S0 = 1For i = 0 to w-1 Do If (bit i of k) is 1 then Let Ti = (Si*C) mod N Else Let Ti = Si
Let Si+1 = T2i mod N
EndForReturn (Rw-1)
Initialize
i=0 to w-1
Else-branchIf-branch
Loop End
Return
bit i of k = 1?
Y N
Modular Exponentiation Algorithm(Diffie-Hellman, RSA)
T = Ck mod N
![Page 21: Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaotong Zhuang Tao Zhang Hsien-Hsin (Sean) Lee Santosh Pande Georgia Institute of Technology](https://reader030.vdocuments.mx/reader030/viewer/2022032516/56649c755503460f94928dbf/html5/thumbnails/21.jpg)
21
Code Reuse in SPECint2000Code Reuse in SPECint2000
0%10%20%30%40%50%60%70%80%90%
100%
Bin
ary
Reu
se P
erce
nta
ge Reused non-reused
![Page 22: Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaotong Zhuang Tao Zhang Hsien-Hsin (Sean) Lee Santosh Pande Georgia Institute of Technology](https://reader030.vdocuments.mx/reader030/viewer/2022032516/56649c755503460f94928dbf/html5/thumbnails/22.jpg)
22
Matching CFGs for libc.aMatching CFGs for libc.a
Use graph isomorphism algorithm by Ullman
5% matching when BB<=5
Not consider BB size in this figure (thus conservative)
10
100
1000
10000
100000
1000000
>=5 >=10 >=15# of Basic Blocks on CFG
# of comparisons # of matches
0.1%
5%
0.05%
<=5 <=10 <=15
![Page 23: Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaotong Zhuang Tao Zhang Hsien-Hsin (Sean) Lee Santosh Pande Georgia Institute of Technology](https://reader030.vdocuments.mx/reader030/viewer/2022032516/56649c755503460f94928dbf/html5/thumbnails/23.jpg)
23
Consequences of Control Flow LeakageConsequences of Control Flow Leakage
Essential Information about the software
By graph matching the control flow graph with existing software, reuse code can be identified
Critical data can be leaked as well
Even partial knowledge can help competitors
![Page 24: Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaotong Zhuang Tao Zhang Hsien-Hsin (Sean) Lee Santosh Pande Georgia Institute of Technology](https://reader030.vdocuments.mx/reader030/viewer/2022032516/56649c755503460f94928dbf/html5/thumbnails/24.jpg)
24
Why not Encrypt Addresses?Why not Encrypt Addresses?
Encryption/decryption only on the processor side
Memory is not secure, so no decryption on the memory side. Otherwise decrypted addresses are exposed, invalidates address encryption.
Address encryption instruction data in memory must be relocated
![Page 25: Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaotong Zhuang Tao Zhang Hsien-Hsin (Sean) Lee Santosh Pande Georgia Institute of Technology](https://reader030.vdocuments.mx/reader030/viewer/2022032516/56649c755503460f94928dbf/html5/thumbnails/25.jpg)
25
Software Obfuscation Software Obfuscation Static Address Encryption Static Address Encryption
Obfuscation techniques like “inlining and outlining transformation”, “loop transformation”, “control flow flattening” can somehow conceal the control flow.
Lack of ways to measure and prove the difficulty introduced. The level of protection cannot be evaluated and guaranteed quantitatively after the obfuscation.
May incur large overheads in code size due to dead code or irrelevant code.
Limited capability of static obfuscation
![Page 26: Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaotong Zhuang Tao Zhang Hsien-Hsin (Sean) Lee Santosh Pande Georgia Institute of Technology](https://reader030.vdocuments.mx/reader030/viewer/2022032516/56649c755503460f94928dbf/html5/thumbnails/26.jpg)
26
Static Address EncryptionStatic Address Encryption
B1
B2
B4
Control Flow Graph
B3
Memory Layout
B1
B2
B3
B4
101
102
103
104
After Address Encryption
B2
B4
B1
B3
101
102
103
104
Encryption Scheme
Ekey(101)=103Ekey(102)=101Ekey(103)=104Ekey(104)=102
![Page 27: Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaotong Zhuang Tao Zhang Hsien-Hsin (Sean) Lee Santosh Pande Georgia Institute of Technology](https://reader030.vdocuments.mx/reader030/viewer/2022032516/56649c755503460f94928dbf/html5/thumbnails/27.jpg)
27
Static Address EncryptionStatic Address Encryption
B1
B2
B4
B3
101
102 103
104
B2
B4
B1
B3
101
102
103
104
B1
B2
B4
B3
103
101 104
102
B1
B2
B3
B4
101
102
103
104
101,102,104,101,103,104…
103,101,102,103,104,102…
![Page 28: Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaotong Zhuang Tao Zhang Hsien-Hsin (Sean) Lee Santosh Pande Georgia Institute of Technology](https://reader030.vdocuments.mx/reader030/viewer/2022032516/56649c755503460f94928dbf/html5/thumbnails/28.jpg)
28
Dynamic Control Flow ObfuscationDynamic Control Flow Obfuscation
Should map address differently each time as it appears on the bus
Relocate blocks to new place every time it is evicted from the processor
Should not write out immediately after access to avoid correlation being exposed
![Page 29: Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaotong Zhuang Tao Zhang Hsien-Hsin (Sean) Lee Santosh Pande Georgia Institute of Technology](https://reader030.vdocuments.mx/reader030/viewer/2022032516/56649c755503460f94928dbf/html5/thumbnails/29.jpg)
29
Obfuscator Hardware OverviewObfuscator Hardware Overview
Processor side
( secur
secur
ee)
Shuffle Buffer
Bus, memory (insecureinsecure)
Cache
Block Address Table Cache
Block Address Table Program Address Space
Controller
Encryption/decryption
Encryption/decryption
![Page 30: Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaotong Zhuang Tao Zhang Hsien-Hsin (Sean) Lee Santosh Pande Georgia Institute of Technology](https://reader030.vdocuments.mx/reader030/viewer/2022032516/56649c755503460f94928dbf/html5/thumbnails/30.jpg)
30
Shuffle BufferShuffle BufferA memory extension into secure side on the processor
Mutually exclusive to memory
Instructions are shuffle (relocated) when evicted from the shuffle buffer
1 2 3 4 5 6 7 8 9
Shuffle buffer Memory
SecurityBoundary
![Page 31: Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaotong Zhuang Tao Zhang Hsien-Hsin (Sean) Lee Santosh Pande Georgia Institute of Technology](https://reader030.vdocuments.mx/reader030/viewer/2022032516/56649c755503460f94928dbf/html5/thumbnails/31.jpg)
31
Dynamic Obfuscation ExampleDynamic Obfuscation Example
shuffle buffer
1 2 3 4 5 6 7 8 9
memoryaccesses
1 2 3 4 5 6 7 8 9Start—after fill up the buffer
5 1 5 3 4 2 6 7 8 9
Random Replacement Algorithm
![Page 32: Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaotong Zhuang Tao Zhang Hsien-Hsin (Sean) Lee Santosh Pande Georgia Institute of Technology](https://reader030.vdocuments.mx/reader030/viewer/2022032516/56649c755503460f94928dbf/html5/thumbnails/32.jpg)
32
Dynamic Obfuscation ExampleDynamic Obfuscation Example
shuffle buffer
1 2 3 4 5 6 7 8 9
memoryaccesses
5 1 5 3 4 2 6 7 8 9
1 2 3 4 5 6 7 8 9Start—after fill up the buffer
Shuffle buffer Memory
Addr1 map(Addr1)Addr2 map(Addr2)Addr3 map(Addr3)
AddrX map(AddrX)
Block Address Table
![Page 33: Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaotong Zhuang Tao Zhang Hsien-Hsin (Sean) Lee Santosh Pande Georgia Institute of Technology](https://reader030.vdocuments.mx/reader030/viewer/2022032516/56649c755503460f94928dbf/html5/thumbnails/33.jpg)
33
Dynamic Obfuscation ExampleDynamic Obfuscation Example
shuffle buffer
1 2 3 4 5 6 7 8 9
memoryaccesses
5 1 5 3 4 2 6 7 8 9
1 2 3 4 5 6 7 8 9Start—after fill up the buffer
8 5 3 4 2 6 7 1 98
6 8 6 3 4 2 5 7 1 9
8 8 6 3 4 2 5 7 1 9
finish 8 6 3 4 2 5 7 1 9
![Page 34: Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaotong Zhuang Tao Zhang Hsien-Hsin (Sean) Lee Santosh Pande Georgia Institute of Technology](https://reader030.vdocuments.mx/reader030/viewer/2022032516/56649c755503460f94928dbf/html5/thumbnails/34.jpg)
34
Block Address Table (BAT) Block Address Table (BAT) Keep address mapping information
Need to be encrypted since it is stored in insecure memory
Incur small overhead in memory (depending on program size)
Can be accelerated by “caching”caching” the translation on-chip BAT cache
8 6 3 4 2 5 7 1 9
Shuffle buffer Memory
Addr1 map(Addr1)Addr2 map(Addr2)Addr3 map(Addr3)
AddrX map(AddrX)
Block Address Table
![Page 35: Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaotong Zhuang Tao Zhang Hsien-Hsin (Sean) Lee Santosh Pande Georgia Institute of Technology](https://reader030.vdocuments.mx/reader030/viewer/2022032516/56649c755503460f94928dbf/html5/thumbnails/35.jpg)
35
Security StrengthSecurity Strength
We calculate that an n-recurrence can be detected by the attacker is , where M is the number of blocks in the shuffle buffer
It becomes exponentially difficult when n gets larger
A fair large shuffle buffer yields good security
1nM
![Page 36: Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaotong Zhuang Tao Zhang Hsien-Hsin (Sean) Lee Santosh Pande Georgia Institute of Technology](https://reader030.vdocuments.mx/reader030/viewer/2022032516/56649c755503460f94928dbf/html5/thumbnails/36.jpg)
36
BAT Cache Hit Rate Sensitivity StudyBAT Cache Hit Rate Sensitivity Study
0
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
qsor
t
susa
njpe
g
dijks
tra
patric
iaisp
ell
rsyn
th
blowfis
h
rijnda
el
adpc
m
hit
ra
te
256B 512B 1KB 2KB 4KB
Increases rapidly with larger cache, 61.7% (256B), 75.9% (512B), 87.5%(1KB), 92.9%(2KB), 94.1%(4KB).
![Page 37: Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaotong Zhuang Tao Zhang Hsien-Hsin (Sean) Lee Santosh Pande Georgia Institute of Technology](https://reader030.vdocuments.mx/reader030/viewer/2022032516/56649c755503460f94928dbf/html5/thumbnails/37.jpg)
37
IPC Sensitivity w.r.t. BAT CacheIPC Sensitivity w.r.t. BAT Cache
Larger BAT cache improves performance (only 1-2% slowdown)
0.75
0.8
0.85
0.9
0.95
1
1.05
qsor
t
susa
njpe
g
dijks
tra
patric
iaisp
ell
rsyn
th
blowfis
h
rijndae
l
adpc
m
no
rmal
ized
IP
C
256B 512B 1K 2K 4K
![Page 38: Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaotong Zhuang Tao Zhang Hsien-Hsin (Sean) Lee Santosh Pande Georgia Institute of Technology](https://reader030.vdocuments.mx/reader030/viewer/2022032516/56649c755503460f94928dbf/html5/thumbnails/38.jpg)
38
Shuffle Buffer Size Sensitivity StudyShuffle Buffer Size Sensitivity Study
0.88
0.9
0.92
0.94
0.96
0.98
1
1.02
no
rma
lize
d IP
C
64 128 256 512 1024
Shuffle buffer when larger than 256-entry
could negate performance by ~1%
leads to poorer locality in BAT and higher miss rate in BAT cache because of random replacement
entries
![Page 39: Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaotong Zhuang Tao Zhang Hsien-Hsin (Sean) Lee Santosh Pande Georgia Institute of Technology](https://reader030.vdocuments.mx/reader030/viewer/2022032516/56649c755503460f94928dbf/html5/thumbnails/39.jpg)
39
ConclusionConclusion
Software protection and informationprivacy for embedded systems cannot be compromised
Encryption/decryption is insufficient to protect addresses and the control flow from revealing.
Traditional software based obfuscation does not have provable security strength and can incur high runtime overhead.
We propose a hardware assisted control flow obfuscation technique.
We demonstrate quantitatively how difficult it is to break such protection.
The hardware solution incurs very little performance overhead.
![Page 40: Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaotong Zhuang Tao Zhang Hsien-Hsin (Sean) Lee Santosh Pande Georgia Institute of Technology](https://reader030.vdocuments.mx/reader030/viewer/2022032516/56649c755503460f94928dbf/html5/thumbnails/40.jpg)
40
That’s All Folks !That’s All Folks !
Questions & AnswersQuestions & Answers