Abstract
Malware often injects and executes new code to infect hypervisors, OSs and applications. Such malware infections can be prevented by checking all code against a whitelist before permitting it to execute. The eXecuting Implies Verified Enforcer (XIVE) is a distributed system in which a kernel on each target system consults a server called the approver to verify code on-demand. We propose a new hardware mechanism to isolate the XIVE kernel from the target host. The Integrity-Aware Processor (IAP) that embodies this mechanism is based on a SPARC soft-core for an FPGA and provides high performance, high compatibility with target systems and flexible invocation options to ensure visibility into the target system. This facilitates the development of a very small trusted computing base.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
LeMay, M., Gunter, C.A. (2011). Enforcing Executing-Implies-Verified with the Integrity-Aware Processor. In: McCune, J.M., Balacheff, B., Perrig, A., Sadeghi, AR., Sasse, A., Beres, Y. (eds) Trust and Trustworthy Computing. Trust 2011. Lecture Notes in Computer Science, vol 6740. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21599-5_15
DOI: https://doi.org/10.1007/978-3-642-21599-5_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-21598-8
Online ISBN: 978-3-642-21599-5
eBook Packages: Computer Science (R0)