TOCTOU, Traps, and Trusted Computing

  • Sergey Bratus
  • Nihal D’Cunha
  • Evan Sparks
  • Sean W. Smith
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4968)


The security of the standard TCG architecture depends on whether the values in the PCRs match the actual platform configuration. However, this design admits time-of-check/time-of-use (TOCTOU) vulnerabilities: a PCR reflects the state of code and data when it was measured, not when the TPM uses a credential or signs an attestation based on that measurement. We demonstrate how an attacker with sufficient privileges can compromise the integrity of a TPM-protected system by modifying critical loaded code and static data after measurement has taken place. To solve this problem, we explore using the MMU and the TPM in concert to provide a memory event trapping framework, in which trap handlers perform TPM operations to enforce a security policy. Our framework proposal includes modifying the MMU to support selective memory immutability and to generate higher-granularity memory access traps. To substantiate our ideas, we designed and implemented a software prototype system employing the monitoring capabilities of the Xen virtual machine monitor.
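The gap the abstract describes, and the two responses it proposes (re-measuring on write, and making measured pages immutable), can be made concrete with a small simulation. The code below is an added example, not the paper's prototype or the Xen-based framework: it models a single TPM 1.2-style PCR (20-byte SHA-1 register, extended as SHA-1(old || measurement)), page-granular memory, and an MMU write path that either bypasses or passes through a trap handler. The class and function names (Platform, write_unchecked, write_trapped, the immutable set, the policy of re-extending on write) and the sample "code pages" are this example's own assumptions; attestation signing with an AIK is omitted and the quote is just the PCR value.

```python
import hashlib

# Constructed sample "code pages"; they stand in for measured kernel text.
GOOD_KERNEL = b"mov eax, 1; ret   # well-behaved code (constructed)"
ROOTKIT     = b"jmp hook          # attacker-modified code (constructed)"

PCR_INIT = b"\x00" * 20  # TPM 1.2 PCRs are 20-byte SHA-1 registers, zero at reset


def measure(data: bytes) -> bytes:
    """Hash of a loaded object, as a measurement agent computes it at load time."""
    return hashlib.sha1(data).digest()


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM_Extend: PCR_new = SHA-1(PCR_old || measurement)."""
    return hashlib.sha1(pcr + measurement).digest()


def expected_pcr(objects) -> bytes:
    """What an appraiser computes from the known-good load sequence."""
    pcr = PCR_INIT
    for obj in objects:
        pcr = pcr_extend(pcr, measure(obj))
    return pcr


class Platform:
    """Toy platform: one PCR, page-granular memory, optional MMU write traps.

    Names here (Platform, write_unchecked, write_trapped, immutable) are this
    example's own, not an API from the paper or from Xen.
    """

    def __init__(self):
        self.mem = {}
        self.pcr = PCR_INIT
        self.measured = set()    # pages whose contents were extended into the PCR
        self.immutable = set()   # pages the MMU refuses to let anyone write

    def load_and_measure(self, page: int, code: bytes) -> None:
        """Standard TCG flow: hash at load time, extend the PCR, then run."""
        self.mem[page] = code
        self.pcr = pcr_extend(self.pcr, measure(code))
        self.measured.add(page)

    def quote(self) -> bytes:
        """Attestation value; a real TPM signs this with an AIK (omitted)."""
        return self.pcr

    def write_unchecked(self, page: int, data: bytes) -> None:
        """Privileged write with no MMU involvement: the PCR is not touched."""
        self.mem[page] = data

    def write_trapped(self, page: int, data: bytes) -> None:
        """Write routed through a trap handler enforcing an assumed policy:
        immutable measured pages are denied; other measured pages are
        re-measured so the PCR records the post-measurement change."""
        if page in self.measured:
            if page in self.immutable:
                raise PermissionError(f"page {page:#x} is immutable")
            self.pcr = pcr_extend(self.pcr, measure(data))
        self.mem[page] = data


def appraise(platform: Platform, golden: bytes) -> bool:
    """Remote verifier: accept iff the quoted PCR equals the expected value."""
    return platform.quote() == golden


def toctou_attack_passes_appraisal() -> bool:
    """Measure good code, replace it after measurement, then attest."""
    p = Platform()
    p.load_and_measure(0x1000, GOOD_KERNEL)
    p.write_unchecked(0x1000, ROOTKIT)          # after the check, before the use
    return appraise(p, expected_pcr([GOOD_KERNEL]))


def trapped_attack_passes_appraisal() -> bool:
    """Same attack, but the write hits a trap that re-extends the PCR."""
    p = Platform()
    p.load_and_measure(0x1000, GOOD_KERNEL)
    p.write_trapped(0x1000, ROOTKIT)
    return appraise(p, expected_pcr([GOOD_KERNEL]))


def immutable_page_blocks_write() -> bool:
    """Selective immutability: the write is refused and the page is intact."""
    p = Platform()
    p.load_and_measure(0x1000, GOOD_KERNEL)
    p.immutable.add(0x1000)
    try:
        p.write_trapped(0x1000, ROOTKIT)
    except PermissionError:
        return p.mem[0x1000] == GOOD_KERNEL
    return False


if __name__ == "__main__":
    print("TOCTOU attack accepted by verifier:", toctou_attack_passes_appraisal())   # True
    print("Trapped write accepted by verifier:", trapped_attack_passes_appraisal())  # False
    print("Immutable page kept intact:        ", immutable_page_blocks_write())      # True
```

The first function is the attack: the quote still matches the golden value because nothing between measurement and attestation observed the write. The second shows why routing writes through a trap closes the window: once the handler extends the PCR with the new contents, the chain no longer matches any known-good sequence and the appraiser rejects it. The third shows the stricter policy of refusing the write altogether. A real implementation must trap at the granularity of the measured object rather than the page, which is the MMU change the abstract calls for; this simulation uses whole pages for simplicity.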


Keywords (added by machine, not by the authors): Trusted Platform Module, Trusted Computing, Page Table, Virtual Address, Trusted Computing Group





Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Sergey Bratus (1)
  • Nihal D’Cunha (1)
  • Evan Sparks (1)
  • Sean W. Smith (1)
  1. Dartmouth College, Hanover, New Hampshire
