Practical Techniques for Operating System Attestation

  • Paul England
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4968)


This paper describes three practical techniques for authenticating the code and other execution state of an operating system using the services of the TPM and a hypervisor. The techniques trade off detailed reporting of the OS code and configuration against the manageability and comprehensibility of reported configurations. Such trade-offs are essential because the complexity and diversity of modern general-purpose operating systems make simple code authentication schemes using code hashes or certificates infeasible.


trusted computing attestation security distributed systems security models 





Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Paul England, Microsoft Corporation
