Determining the Integrity of Application Binaries on Unsecure Legacy Machines Using Software Based Remote Attestation

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 6503)

Abstract

Integrity of computing platforms is paramount. A platform is as secure as the applications executing on it. All applications are created with some inherent vulnerability or loophole. Attackers can analyze the presence of flaws in a particular binary and exploit them. Traditional virus scanners are also binaries which can be attacked by malware. This paper implements a method known as Remote Attestation entirely in software to attest the integrity of a process using a trusted external server. The trusted external server issues a challenge to the client machine which responds to the challenge. The response determines the integrity of the application.



Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Srinivasan, R., Dasgupta, P., Gohad, T., Bhattacharya, A. (2010). Determining the Integrity of Application Binaries on Unsecure Legacy Machines Using Software Based Remote Attestation. In: Jha, S., Mathuria, A. (eds) Information Systems Security. ICISS 2010. Lecture Notes in Computer Science, vol 6503. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17714-9_6

  • DOI: https://doi.org/10.1007/978-3-642-17714-9_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-17713-2

  • Online ISBN: 978-3-642-17714-9

  • eBook Packages: Computer Science, Computer Science (R0)
