Software attacks like worm, botnet, and DDoS are the increasingly serious problems in IoT, which had caused large-scale cyber attack and even breakdown of important information infrastructure. Software measurement and attestation are general methods to detect software integrity and their executing states in IoT. However, they cannot resist TOCTOU attack due to their static features and seldom verify correctness of control flow integrity. In this paper, we propose a novel and practical scheme for software trusted execution based on lightweight trust. Our scheme RIPTE combines dynamic measurement and control flow integrity with PUF device binding key. Through encrypting return address of program function by PUF key, RIPTE can protect software integrity at runtime on IoT device, enabling to prevent the code reuse attacks. The results of our prototype’s experiment show that it only increases a small size TCB and has a tiny overhead in IoT devices under the constraint on function calling. In sum, RIPTE is secure and efficient in IoT device protection at runtime.

中文翻译：

---

RIPTE：基于可信执行的物联网设备运行时完整性保护

蠕虫，僵尸网络和DDoS等软件攻击是物联网中日益严重的问题，已引起大规模的网络攻击，甚至破坏了重要的信息基础架构。软件度量和证明是检测软件完整性及其在IoT中的执行状态的常规方法。但是，由于它们的静态功能，它们无法抵抗TOCTOU攻击，并且很少验证控制流完整性的正确性。在本文中，我们提出了一种基于轻量级信任的新颖实用的软件信任执行方案。我们的方案RIPTE将动态测量和控制流完整性与PUF设备绑定密钥结合在一起。通过使用PUF密钥加密程序功能的返回地址，RIPTE可以在运行时保护IoT设备上的软件完整性，从而防止代码重用攻击。我们的原型实验结果表明，在功能调用的约束下，它只会增加一个较小的TCB，并且在IoT设备中的开销很小。总而言之，RIPTE在运行时对物联网设备的保护是安全高效的。