Efficient, Scalable and Privacy Preserving Application Attestation in a Multi Stakeholder Scenario

  • Toqeer Ali
  • Jawad Ali
  • Tamleek Ali
  • Mohammad Nauman
  • Shahrulniza Musa
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9789)


Measurement and reporting of dynamic behavior of a target application is a pressing issue in the Trusted Computing paradigm. Remote attestation is a part of trusted computing, which allows monitoring and verification of a complete operating system or a specific application by a remote party. Several static remote attestation techniques have been proposed in the past but most of the feasible ones are static in nature. However, such techniques cannot cater to dynamic attacks such as the infamous Heartbleed bug. Dynamic attestation offers a solution to this issue but is impractical due to the infeasibility of measurement and reporting of enormous runtime data. To an extent, it is possible to measure and report the dynamic behavior of a single application but not the complete operating system. The contribution of this paper is to provide the design and implementation of a scalable dynamic remote attestation mechanism that can measure and report multiple applications from different stakeholders simultaneously while ensuring privacy of each stakeholder. We have implemented our reference monitor and tested on Linux Kernel. We show through empirical results that this design is high scalable and feasible for a large number of stakeholders.


System Call Intrusion Detection System Trusted Platform Module Trust Computing Group Reference Monitor 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Canali, D., Lanzi, A., Balzarotti, D., Kruegel, C., Christodorescu, M., Kirda, E.: A quantitative study of accuracy in system call-based malware detection. In: Proceedings of the 2012 International Symposium on Software Testing and Analysis, pp. 122–132. ACM (2012)Google Scholar
  2. 2.
    Uppuluri, P., Sekar, R.: Experiences with specification-based intrusion detection. In: Lee, W., Mé, L., Wespi, A. (eds.) RAID 2001. LNCS, vol. 2212, pp. 172–189. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  3. 3.
    Ni, L., Zheng, H.-Y.: An unsupervised intrusion detection method combined clustering with chaos simulated annealing. In: 2007 International Conference on Machine Learning and Cybernetics, vol. 6, pp. 3217–3222. IEEE (2007)Google Scholar
  4. 4.
    Milenković, M., Milenković, A., Jovanov, E.: Hardware support forcode integrity in embedded processors. In: Proceedings of the 2005 International Conference on Compilers, Architectures and Synthesis for Embedded Systems, pp. 55–65. ACM (2005)Google Scholar
  5. 5.
    Trusting Computing Group (2014). Accessed 17 Dec 2015
  6. 6.
    Coker, G., Guttman, J., Loscocco, P., Herzog, A., Millen, J., OHanlon, B., Ramsdell, J., Segall, A., Sheehy, J., Sniffen, B.: Principles of remote attestation. Int. J. Inform. Secur. 10(2), 63–81 (2011). CrossRefGoogle Scholar
  7. 7.
    Sailer, R., Zhang, X., Jaeger, T., Van Doorn, L.: Design and implementation of a TCG-based integrity measurement architectureGoogle Scholar
  8. 8.
    Gu, L., Ding, X., Deng, R.H., Xie, B., Mei, H.: Remote attestation on program execution. In: Proceedings of the 3rd ACM Workshop on Scalable Trusted computing, ser. STC 2008, pp. 11–20. ACM, New York (2008).
  9. 9.
    Kil, C., Sezer, E.C., Azab, A.M., Ning, P., Zhang, X.: Remote attestation to dynamic system properties: towards providing complete system integrity evidence. In: IEEE/IFIP International Conference on Dependable Systems & Networks, DSN 2009, pp. 115–124. IEEE (2009)Google Scholar
  10. 10.
    Prandini, M., Ramilli, M.: Return-oriented programming. IEEE Secur. Priv. 10(6), 84–87 (2012)CrossRefGoogle Scholar
  11. 11.
    Durumeric, Z., Kasten, J., Adrian, D., Halderman, J.A., Bailey, M., Li, F., Weaver, N., Amann, J., Beekman, J., Payer, M., et al.: The matter of heartbleed. In: Proceedings of the 2014 Conference on Internet Measurement Conference, pp. 475–488. ACM (2014)Google Scholar
  12. 12.
    Loscocco, P.A., Wilson, P.W., Pendergrass, J.A., McDonell, C.D.: Linuxkernel integrity measurement using contextual inspection. In: Proceedings of the 2007 ACM Workshop on Scalable Trusted Computing, ser. STC 2007, pp. 21–29. ACM, New York (2007).
  13. 13.
    Liang, G., Ding, X., Deng, R.H., Xie, B., Mei, H.: Remote attestation on function execution (2009)Google Scholar
  14. 14.
    Tanveer, T.A., Alam, M., Nauman, M.: Scalable remote attestation with privacy protection. In: Chen, L., Yung, M. (eds.) INTRUST 2009. LNCS, vol. 6163, pp. 73–87. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  15. 15.
    Alam, M., Zhang, X., Nauman, M., Ali, T., Seifert, J.-P.: Model-basedbehavioral attestation. In: Proceedings of the 13th ACM Symposium on Access Control Models and Technologies, pp. 175–184. ACM (2008)Google Scholar
  16. 16.
    Ismail, R., Syed, T.A., Musa, S.: Design and implementation of an efficient framework for behaviour attestation using n-call slides. In: Proceedings of the 8th International Conference on Ubiquitous Information Management and Communication, p. 36. ACM (2014)Google Scholar
  17. 17.
    Gong, Y., Mabu, S., Chen, C., Wang, Y., Hirasawa, K.: Intrusion detection system combining misuse detection and anomaly detection using genetic network programming. In: ICCAS-SICE 2009, pp. 3463–3467. IEEE (2009)Google Scholar
  18. 18.
    Creech, G., Hu, J.: A semantic approach to host-based intrusion detection systems using contiguous and discontiguous system call patterns. IEEE Trans. Comput. 63(4), 807–819 (2014)MathSciNetCrossRefGoogle Scholar
  19. 19.
    Yin, H., Song, D., Egele, M., Kruegel, C., Kirda, E.: Panorama: capturing system-wide information flow for malware detection and analysis. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 116–127. ACM (2007)Google Scholar
  20. 20.
    Ali, T., Alam, M., Nauman, M., Ali, T., Ali, M., Anwar, S.: A scalable andprivacy preserving remote attestation mechanism. Inform. Int. Interdisc. J. 14(4), 1193–1203 (2011)Google Scholar
  21. 21.
    Ismail, R., Syed, T.A., Musa, S.: Design and implementation of an efficient framework for behaviour attestation using n-call slides. In: Proceedings of the 8th International Conference on Ubiquitous Information Management and Communication, ser. ICUIMC 2014, pp. 36:1–36:8. ACM, New York (2014).

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Toqeer Ali
    • 1
  • Jawad Ali
    • 2
  • Tamleek Ali
    • 2
  • Mohammad Nauman
    • 3
  • Shahrulniza Musa
    • 1
  1. 1.Malaysian Institute of Information TechnologyUniversiti Kuala LumpurKuala LumpurMalaysia
  2. 2.Institute of Management SciencesPeshawarPakistan
  3. 3.Max Planck Institute for Software SystemsKaiserslauternGermany

Personalised recommendations