[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"doc-detail-84291-en":3,"doc-seo-84291-105":29,"detail-sidebar-cat-0-en-105":90},{"code":4,"msg":5,"data":6},0,"success",{"doc_id":7,"user_id":8,"nickname":9,"user_avatar":10,"doc_module":4,"category_id":11,"category_name":12,"doc_title":13,"doc_description":14,"doc_content":15,"file_id":16,"file_url":17,"file_type":18,"file_size":19,"view_count":4,"is_deleted":4,"is_public":20,"is_downloadable":20,"audit_status":20,"page_count":21,"language":22,"language_code":23,"site_id":24,"html_lang":23,"table_of_contents":25,"faqs":26,"seo_title":13,"seo_description":14,"update_tm":27,"read_time":28},84291,1374391974585,"Genevieve","https://ap-avatar.wpscdn.com/davatar_276721f389ce27ea32af1340a28f341c",6,"Technology","KS-CFA: Control-Flow Attestation via Symbolic Replay Against Control-Flow Bending Attacks","Control-flow attestation (CFA) lets a remote verifier check program execution on a target device by monitoring control-flow behavior at runtime. Control-flow bending (CFB) attacks are difficult to detect because adversaries steer execution along legal control-flow graph edges by corrupting runtime state such as branch flags and loop counters. KS-CFA detects CFB across indirect calls, conditional/indirect jumps, and returns by combining symbolic execution with selective recording of input-sourced control-flow dependent variables. A prover uses a TEE to store a control-flow trace plus external inputs; the verifier replays the path and localizes divergences. Evaluations on RISC-V Keystone with Embench-IoT (QEMU) and Rocket FPGA (NiteFury II) show prover overhead of 6.8–20.5× on QEMU and 6.7–32.2× on FPGA, while avoiding path/value enumeration.","KS-CFA: Control-Flow Attestation via Symbolic Replay Against Control-Flow Bending Attacks  \nZhanyu Sha, Konstantinos Markantonakis, Carlton Shepherd, Amir Rafi  \n~~ ~~ ✦ ~~ ~~  \narXiv :2607 .07926v 1 [ cs .CR] 8 Jul 2026  \nAbstract—Control-flow attestation (CFA) enables a remote entity to verify program execution on a target device by monitoring control-flow behaviour at runtime. However, control-flow bending (CFB) attacks remain difficult to detect, where an adversary steers execution along legal edges of the program’s control-flow graph by corrupting branch flags, loop counters, and other runtime data. Existing solutions impose significant drawbacks: they require enumerating vast measurement spaces, cover only a reduced subset of attacks, or rely on low-level hardware modifications. In this work, we present KS-CFA, a new CFA scheme that detects CFB attacks across four transfer types (indirect calls, conditional and indirect jumps, and returns) without those costs. To this end, we combine symbolic execution and selective identification of input-sourced control-flow dependent variables: a strict subset of control-flow-relevant state whose values are directly read from external input. The proving device records, inside a trusted execution environment (TEE), a controlflow trace and the external inputs that determine relevant run-time variables. The verifier then replays the reported path through single-path symbolic execution, predicting each transfer and localising divergences that signal an attack. We implement and evaluate KS-CFA using the RISC-V Keystone TEE and Embench-IoT on QEMU and a Rocket-based FPGA platform (NiteFury II) . Prover-side overhead relative to unattested execution ranges from 6.8–20.5 × on QEMU and 6.7–32.2 × on the FPGA, and verification requires no path or value enumeration.  \nIndex Terms—Control-flow attestation, trusted execution environments, symbolic execution, embedded systems, remote attestation, RISC-V  \n1 INTRODUCTION  \nCONTROL-FLOW attacks remain a persistent and power  \nful threat to system security. Traditional control-flow attacks (e.g., code injection, code reuse) tamper with control data (e.g., return addresses, function pointers) to redirect execution through memory-corruption vulnerabilities. Such attacks have been mitigated by control-flow integrity (CFI) techniques, which enforce that a program’s runtime execution follows its control-flow graph (CFG) . CFI operates locally on the device and cannot provide remote, cryptographically verifiable evidence of execution correctness. This gap has motivated the emergence of control-flow attestation (CFA) [1], [2], [3], [4], [5], [6], [7], [8], [9], [10], [11],[12], [13], [14], [15], [16], [17], [18], [19], [20], [21], [22], [23],[24],[25],[26], which enables a remote verifier (V) to validate  \nZ. Sha, K. Markantonakis and A. Rafi are with the Information Security Group, Royal Holloway, University of London, Egham, Surrey, United Kingdom. Corresponding author: Z. Sha (e-mail: [zhanyu.sha.2022@rhul.ac.uk](zhanyu.sha.2022@rhul.ac.uk))  \nC. Shepherd is with the Department of Computer Science, Durham University, Durham, UK, and was supported by the UK Engineering and Physical Sciences Research Council through grant EP/Y030168/1.  \na program’s execution path against attestation reports sent from the prover device (P) .  \nHowever, CFA does not detect all control-flow attacks. A particularly subtle class are control-flow bending (CFB) attacks [27], [28], which are fundamentally harder to detect than traditional control-flow threats, such as return-oriented programming (ROP) [29] . In a CFB attack, the adversary manipulates control-and non-control data—branch flags, loop counters, indirect-call targets, or return addresses stored in writable memory—to steer execution along edges that are legal in the CFG, but produce malicious behaviour collectively (e.g., bypassing security checks or escalating privileges) . Because individual control-flow transfers res","cbCaiaZh9a8q7xqT","https://ap.wps.com/l/cbCaiaZh9a8q7xqT","pdf",866692,1,16,"English","en",105,"# Abstract\n# Introduction\n## Background: control-flow attacks and CFA\n## The challenge: detecting control-flow bending (CFB)\n## Limitations of existing approaches\n## KS-CFA design overview","[{\"question\":\"What problem does KS-CFA address in control-flow attestation?\",\"answer\":\"KS-CFA targets control-flow bending (CFB) attacks, which manipulate runtime state to drive execution along legal CFG edges while producing malicious overall behavior. These attacks are harder to detect than traditional control-flow threats.\"},{\"question\":\"How does KS-CFA detect CFB attacks without enumerating paths or values?\",\"answer\":\"KS-CFA records a control-flow trace and the external inputs that determine selected input-sourced control-flow dependent variables inside a TEE. The verifier then replays the reported path using single-path symbolic execution to predict transfers and localize divergences.\"},{\"question\":\"What platforms and transfer types are used to evaluate KS-CFA?\",\"answer\":\"KS-CFA is implemented and evaluated with the RISC-V Keystone TEE and Embench-IoT on QEMU, and on a Rocket-based FPGA platform (NiteFury II). It targets four transfer types including indirect calls, conditional/indirect jumps, and returns.\"}]",1784194616,40,{"code":4,"msg":30,"data":31},"ok",{"site_id":24,"language":23,"slug":32,"title":13,"keywords":33,"description":14,"schema_data":34,"social_meta":85,"head_meta":87,"extra_data":89,"updated_unix":27},"ks-cfa-control-flow-attestation-via-symbolic-replay-against-control-flow-bending-attacks","",{"@graph":35,"@context":84},[36,53,67],{"@type":37,"itemListElement":38},"BreadcrumbList",[39,43,47,50],{"item":40,"name":41,"@type":42,"position":20},"https://docshare.wps.com","Home","ListItem",{"item":44,"name":45,"@type":42,"position":46},"https://docshare.wps.com/document/","Document",2,{"item":48,"name":12,"@type":42,"position":49},"https://docshare.wps.com/document/technology/",3,{"item":51,"name":13,"@type":42,"position":52},"https://docshare.wps.com/document/ks-cfa-control-flow-attestation-via-symbolic-replay-against-control-flow-bending-attacks/84291/",4,{"url":51,"name":13,"@type":54,"author":55,"headline":13,"publisher":57,"fileFormat":60,"inLanguage":23,"description":14,"dateModified":61,"datePublished":61,"encodingFormat":60,"isAccessibleForFree":62,"interactionStatistic":63},"DigitalDocument",{"name":9,"@type":56},"Person",{"url":40,"name":58,"@type":59},"DocShare","Organization","application/pdf","2026-07-16",true,{"@type":64,"interactionType":65,"userInteractionCount":4},"InteractionCounter",{"@type":66},"ViewAction",{"@type":68,"mainEntity":69},"FAQPage",[70,76,80],{"name":71,"@type":72,"acceptedAnswer":73},"What problem does KS-CFA address in control-flow attestation?","Question",{"text":74,"@type":75},"KS-CFA targets control-flow bending (CFB) attacks, which manipulate runtime state to drive execution along legal CFG edges while producing malicious overall behavior. These attacks are harder to detect than traditional control-flow threats.","Answer",{"name":77,"@type":72,"acceptedAnswer":78},"How does KS-CFA detect CFB attacks without enumerating paths or values?",{"text":79,"@type":75},"KS-CFA records a control-flow trace and the external inputs that determine selected input-sourced control-flow dependent variables inside a TEE. The verifier then replays the reported path using single-path symbolic execution to predict transfers and localize divergences.",{"name":81,"@type":72,"acceptedAnswer":82},"What platforms and transfer types are used to evaluate KS-CFA?",{"text":83,"@type":75},"KS-CFA is implemented and evaluated with the RISC-V Keystone TEE and Embench-IoT on QEMU, and on a Rocket-based FPGA platform (NiteFury II). It targets four transfer types including indirect calls, conditional/indirect jumps, and returns.","https://schema.org",{"og:url":51,"og:type":86,"og:title":13,"og:site_name":58,"og:description":14},"article",{"robots":88,"canonical":51},"index,follow",{"doc_id":7,"site_id":24},{"code":4,"msg":5,"data":91},[92,96,100,104,109,112,116,121,126,129,133],{"id":20,"doc_module":4,"doc_module_name":45,"category_name":93,"show_sort_weight":94,"slug":95},"Story & Novel",90,"story-novel",{"id":46,"doc_module":4,"doc_module_name":45,"category_name":97,"show_sort_weight":98,"slug":99},"Literature",80,"literature",{"id":52,"doc_module":4,"doc_module_name":45,"category_name":101,"show_sort_weight":102,"slug":103},"Exam",70,"exam",{"id":105,"doc_module":4,"doc_module_name":45,"category_name":106,"show_sort_weight":107,"slug":108},5,"Comic",60,"comic",{"id":11,"doc_module":4,"doc_module_name":45,"category_name":12,"show_sort_weight":110,"slug":111},50,"technology",{"id":113,"doc_module":4,"doc_module_name":45,"category_name":114,"show_sort_weight":28,"slug":115},7,"Healthcare","healthcare",{"id":117,"doc_module":4,"doc_module_name":45,"category_name":118,"show_sort_weight":119,"slug":120},8,"Research & Report",30,"research-report",{"id":122,"doc_module":4,"doc_module_name":45,"category_name":123,"show_sort_weight":124,"slug":125},9,"Religion & Spirituality",20,"religion-spirituality",{"id":124,"doc_module":4,"doc_module_name":45,"category_name":127,"show_sort_weight":124,"slug":128},"World Cup","world-cup",{"id":130,"doc_module":4,"doc_module_name":45,"category_name":131,"show_sort_weight":130,"slug":132},10,"Lifestyle","lifestyle",{"id":134,"doc_module":4,"doc_module_name":45,"category_name":135,"show_sort_weight":105,"slug":136},19,"General","general"]