Design and Implementation of a TCG-based Integrity Measurement Architecture

We present the design and implementation of a secure integrity measurement system for Linux. All executable content that is loaded onto the Linux system is measured before execution and these measurements are protected by the Trusted Platform Module (TPM) that is part of the Trusted Computing Group (TCG) standards. Our system is the first to extend the TCG trust measurement concepts to dynamic executable content from the BIOS all the way up into the application layer. In effect, we show that many of the Microsoft NGSCB guarantees can be obtained on today's hardware and today's software and that these guarantees do not require a new CPU mode or operating system but merely depend on the availability of an independent trusted entity, a TPM for example. We apply our trust measurement architecture to a web server application where we show how our system can detect undesirable invocations, such as rootkit programs, and that our measurement architecture is practical in terms of the number of measurements taken and the performance impact of making them.

[1]  K. J. Bma Integrity considerations for secure computer systems , 1977 .

[2]  David D. Clark,et al.  A Comparison of Commercial and Military Computer Security Policies , 1987, 1987 IEEE Symposium on Security and Privacy.

[3]  Eugene H. Spafford,et al.  Experiences with Tripwire: Using Integrity Checkers for Intrusion Detection , 1994 .

[4]  Margo I. Seltzer,et al.  Operating system benchmarking in the wake of lmbench: a case study of the performance of NetBSD on the Intel x86 architecture , 1997, SIGMETRICS '97.

[5]  William A. Arbaugh,et al.  A secure and reliable bootstrap architecture , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[6]  Dawson R. Engler,et al.  Checking system rules using system-specific, programmer-written compiler extensions , 2000, OSDI.

[7]  Sean W. Smith,et al.  Building the IBM 4758 Secure Coprocessor , 2001, Computer.

[8]  Mike Bond Attacks on Cryptoprocessor Transaction Sets , 2001, CHES.

[9]  Sean W. Smith Outbound Authentication for Programmable Secure Coprocessors , 2002, ESORICS.

[10]  Tal Garfinkel,et al.  Terra: a virtual machine-based platform for trusted computing , 2003, SOSP '03.

[11]  Butler W. Lampson,et al.  A Trusted Open Platform , 2003, Computer.

[12]  Sean W. Smith,et al.  Experimenting with TCPA/TCG Hardware, Or: How I Learned to Stop Worrying and Love The Bear , 2003 .

[13]  T. Ebringer,et al.  Trusted Platform on demand ( TPod ) , 2004 .

[14]  Sean W. Smith Outbound authentication for programmable secure coprocessors , 2004, International Journal of Information Security.