Remote Attestation on Legacy Operating Systems With Trusted Platform Modules

A lot of progress has been made in securing network communication, e.g., through the use of cryptographic algorithms. However, this offers only a partial solution as long as the communicating endpoints still suffer from security problems. A number of applications require remote verification of software executing on an untrusted platform. Trusted computing solutions propose to solve this problem through software and hardware changes, typically a secure operating system and the addition of a secure coprocessor, respectively. On the other hand, timed execution of code checksum calculations aims for a solution on legacy platforms, but cannot provide strong security assurance. We present a mixed solution that uses trusted computing hardware, namely the time stamping functionality of the trusted platform module, in combination with a timing-based remote code integrity verification mechanism. In this way, we do not require a secure operating system, while at the same time the overall security of the timed execution scheme can be improved.
