Control-Flow Attestation: Concepts, Solutions, and Open Challenges

Control-flow attestation unifies the worlds of control-flow integrity and platform attestation by measuring and reporting a target's run-time behaviour to a verifier. Trust assurances in the target are provided by testing whether its execution follows an authorised control-flow path. The problem has been explored in various settings, such as assessing the trustworthiness of cyber-physical systems, Internet of Things devices, cloud platforms, and many others. Despite a significant number of proposals being made in recent years, the area remains fragmented, addressing different adversarial behaviours, verification paradigms, and deployment challenges. In this paper, we present the first survey of control-flow attestation, examining the core ideas and solutions in state-of-the-art schemes. In total, we survey over 30 papers published between 2016-2024, consolidate and compare their key features, and pose several challenges and recommendations for future research in the area.