HPCCFA: Leveraging Hardware Performance Counters for Control Flow Attestation

Computer Science > Cryptography and Security [Submitted on 31 Mar 2026] HPCCFA: Leveraging Hardware Performance Counters for Control Flow Attestation Claudius Pott, Luca Wilke, Jan Wichelmann, Thomas Eisenbarth Trusted Execution Environments (TEEs) allow the secure execution of code on remote systems without the need to trust their operators. They use static attestation as a central mechanism for establishing trust, allowing remote parties to verify that their code is executed unmodified in an isolated environment. However, this form of attestation does not cover runtime attacks, where an attacker exploits vulnerabilities in the software inside the TEE. Control Flow Attestation (CFA), a form of runtime attestation, is designed to detect such attacks. In this work, we present a method to extend TEEs with CFA and discuss how it can prevent exploitation in the event of detected control flow violations. Furthermore, we introduce HPCCFA, a mechanism that uses HPCs for CFA purposes, enabling hardware-backed trace generation on commodity CPUs. We demonstrate the feasibility of HPCCFA on a proof-of-concept implementation for Keystone on RISC-V. Our evaluation investigates the interplay of the number of measurement points and runtime protection, and reveals a trade-off between detection reliability and performance overhead. Subjects: Cryptography and Security (cs.CR) Cite as: arXiv:2603.29749 [cs.CR]   (or arXiv:2603.29749v1 [cs.CR] for this version)   https://doi.org/10.48550/arXiv.2603.29749 Focus to learn more Submission history From: Claudius Pott [view email] [v1] Tue, 31 Mar 2026 13:51:30 UTC (439 KB) Access Paper: HTML (experimental) view license Current browse context: cs.CR < prev   |   next > new | recent | 2026-03 Change to browse by: cs References & Citations NASA ADS Google Scholar Semantic Scholar Export BibTeX Citation Bookmark Bibliographic Tools Bibliographic and Citation Tools Bibliographic Explorer Toggle Bibliographic Explorer (What is the Explorer?) Connected Papers Toggle Connected Papers (What is Connected Papers?) Litmaps Toggle Litmaps (What is Litmaps?) scite.ai Toggle scite Smart Citations (What are Smart Citations?) Code, Data, Media Demos Related Papers About arXivLabs Which authors of this paper are endorsers? | Disable MathJax (What is MathJax?)