Realizing Macro Based Technique for Behavioral Attestation on Remote Platform

In Trusted Computing, the trustworthiness of a client platform is checked using Remote Attestation. Integrity Measurement Architecture (IMA) is a well-known technique for TCG-based attestation. However, because IMA is static, it is unaware of the runtime behavior of applications, which leads to integrity problems. To overcome this problem, several dynamic behavior-based attestation techniques have been proposed that measure the run-time behavior of applications by capturing all system calls they produce. In this paper, we propose a system-call-based intrusion detection technique for remote attestation in which macros are used for reporting. Macros denote variable-length subsequences of system calls. The basic goal of this paper is to reduce the number of system calls through the use of macros, which ultimately reduces processing time as well as network overhead.
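The following added example (not code from the paper) sketches one way macro-based reporting could work: frequent variable-length subsequences of a training trace become macros, the attesting side reports macro names instead of raw calls, and the verifier expands them back. The selection heuristic, the function names and the sample traces are assumptions; the abstract does not specify the paper's algorithm.

```python
from collections import Counter

def learn_macros(trace, min_len=2, max_len=4, min_count=2, limit=8):
    """Pick frequent variable-length syscall subsequences as macros (assumed heuristic)."""
    counts = Counter(
        tuple(trace[i:i + n])
        for n in range(min_len, max_len + 1)
        for i in range(len(trace) - n + 1)
    )
    frequent = [(seq, c) for seq, c in counts.items() if c >= min_count]
    # Rank by tokens saved: each occurrence of a macro replaces len(seq) calls with one.
    frequent.sort(key=lambda sc: ((len(sc[0]) - 1) * sc[1], len(sc[0]), sc[0]),
                  reverse=True)
    return {f"M{i}": seq for i, (seq, _) in enumerate(frequent[:limit])}

def encode(trace, macros):
    """Attesting side: greedy longest-match replacement of subsequences by macro names."""
    by_len = sorted(macros.items(), key=lambda kv: len(kv[1]), reverse=True)
    out, i = [], 0
    while i < len(trace):
        for name, seq in by_len:
            if tuple(trace[i:i + len(seq)]) == seq:
                out.append(name)
                i += len(seq)
                break
        else:
            # Calls outside every macro are reported as-is, so unseen behavior stays visible.
            out.append(trace[i])
            i += 1
    return out

def decode(report, macros):
    """Verifier side: expand macro names back into the full syscall sequence."""
    out = []
    for tok in report:
        out.extend(macros.get(tok, (tok,)))
    return out

# Constructed sample traces (not taken from the paper).
TRAINING = ["open", "read", "mmap", "close"] * 3 + ["open", "read", "write", "close"] * 2
OBSERVED = ["open", "read", "mmap", "close",
            "open", "read", "write", "close", "execve"]

MACROS = learn_macros(TRAINING)
REPORT = encode(OBSERVED, MACROS)

if __name__ == "__main__":
    print(REPORT, f"({len(OBSERVED)} calls reported as {len(REPORT)} tokens)")
```

The encoding is lossless as long as both sides hold the same macro table, so the verifier can still run sequence-based checks on the expanded trace.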
