BIND: a fine-grained attestation service for secure distributed systems

In this paper we propose BIND (binding instructions and data), a fine-grained attestation service for securing distributed systems. Code attestation has recently received considerable attention in trusted computing. However, current code attestation technology is relatively immature. First, due to the great variability in software versions and configurations, verification of the hash is difficult. Second, the time-of-use and time-of-attestation discrepancy remains to be addressed, since the code may be correct at the time of the attestation, but it may be compromised by the time of use. The goal of BIND is to address these issues and make code attestation more usable in securing distributed systems. BIND offers the following properties: (1) BIND performs fine-grained attestation. Instead of attesting to the entire memory content, BIND attests only to the piece of code we are concerned about. This greatly simplifies verification. (2) BIND narrows the gap between time-of-attestation and time-of-use. BIND measures a piece of code immediately before it is executed and uses a sandboxing mechanism to protect the execution of the attested code. (3) BIND ties the code attestation with the data that the code produces, such that we can pinpoint what code has been run to generate that data. In addition, by incorporating the verification of input data integrity into the attestation, BIND offers transitive integrity verification, i.e., through one signature, we can vouch for the entire chain of processes that have performed transformations over a piece of data. BIND offers a general solution toward establishing a trusted environment for distributed system designers.

[1]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[2]  Leslie Lamport,et al.  The Byzantine Generals Problem , 1982, TOPL.

[3]  Yakov Rekhter,et al.  A Border Gateway Protocol 4 (BGP-4) , 1994, RFC.

[4]  Hugo Krawczyk,et al.  Keying Hash Functions for Message Authentication , 1996, CRYPTO.

[5]  Manuel Blum,et al.  Software reliability via run-time result-checking , 1997, JACM.

[6]  William A. Arbaugh,et al.  A secure and reliable bootstrap architecture , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[7]  Angelos D. Keromytis,et al.  Automated Recovery in a Secure Bootstrap Process , 1998, NDSS.

[8]  Gage Js,et al.  The great Internet Mersenne prime search. , 1998 .

[9]  J. S. Gage The great Internet Mersenne prime search. , 1998, M.D. computing : computers in medical practice.

[10]  John W. Stewart,et al.  BGP4 : inter-domain routing in the Internet , 1998 .

[11]  Giovanni Vigna,et al.  Cryptographic Traces for Mobile Agents , 1998, Mobile Agents and Security.

[12]  Fabian Monrose,et al.  Distributed Execution with Remote Audit , 1999, NDSS.

[13]  Miguel Oom Temudo de Castro,et al.  Practical Byzantine fault tolerance , 1999, OSDI '99.

[14]  Stephen T. Kent,et al.  Secure Border Gateway Protocol (S-BGP) , 2000, IEEE Journal on Selected Areas in Communications.

[15]  Stephen T. Kent,et al.  Secure Border Gateway Protocol (S-BGP) - Real World Performance and Deployment Issues , 2000, NDSS.

[16]  Philippe Golle,et al.  Uncheatable Distributed Computations , 2001, CT-RSA.

[17]  Ratul Mahajan,et al.  Understanding BGP misconfiguration , 2002, SIGCOMM '02.

[18]  Miguel Castro,et al.  Practical byzantine fault tolerance and proactive recovery , 2002, TOCS.

[19]  Calton Pu,et al.  Buffer overflows: attacks and defenses for the vulnerability of the decade , 2003, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[20]  Tal Garfinkel,et al.  Terra: a virtual machine-based platform for trusted computing , 2003, SOSP '03.

[21]  Patrick D. McDaniel,et al.  Working around BGP: An Incremental Approach to Improving Security and Accuracy in Interdomain Routing , 2003, NDSS.

[22]  Doug Szajda,et al.  Hardening functions for large scale distributed computations , 2003, 2003 Symposium on Security and Privacy, 2003..

[23]  HarrisTim,et al.  Xen and the art of virtualization , 2003 .

[24]  Patrick D. McDaniel,et al.  Origin authentication in interdomain routing , 2003, CCS '03.

[25]  William A. Arbaugh,et al.  Copilot - a Coprocessor-based Kernel Runtime Integrity Monitor , 2004, USENIX Security Symposium.

[26]  Trent Jaeger,et al.  Design and Implementation of a TCG-based Integrity Measurement Architecture , 2004, USENIX Security Symposium.

[27]  Pradeep K. Khosla,et al.  SWATT: softWare-based attestation for embedded devices , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[28]  Trent Jaeger,et al.  Attestation-based policy enforcement for remote access , 2004, CCS '04.

[29]  Danny McPherson,et al.  Practical BGP , 2004 .

[30]  A. Perrig,et al.  SPV: secure path vector routing for securing BGP , 2004, SIGCOMM '04.

[31]  Benny Pinkas,et al.  Fairplay - Secure Two-Party Computation System , 2004, USENIX Security Symposium.

[32]  Constantinos Dovrolis,et al.  Beware of BGP attacks , 2004, CCRV.

[33]  丸山 宏,et al.  安全なジョブの遠隔実行を可能にするTrusted Platform on demand , 2004 .

[34]  W. Trowbridge WOW , 2005 .

[35]  Susan Hares,et al.  A Border Gateway Protocol 4 (BGP-4) , 1994, RFC.