Measuring Semantic Integrity for Remote Attestation

  • Fabrizio Baiardi
  • Diego Cilea
  • Daniele Sgandurra
  • Francesco Ceccarelli
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5471)


We propose a framework for attesting the integrity of a remote system that considers not only the configuration of the system to be attested but also its current behaviour. The resulting architecture, called Virtual machine Integrity Measurement System (VIMS), is based upon virtualization technology: the system to be attested runs two virtual machines, the Client VM (C-VM) and the Assurance VM (A-VM). A generic remote server (REM-S) accepts incoming connections and cooperates with the A-VM to authenticate and attest the integrity of the C-VM and of the software it runs. The A-VM is a shadow machine that exploits virtual machine introspection to apply a set of consistency checks to the configuration of the C-VM and to the software it currently runs. The checks depend upon the security policy that the REM-S establishes in the initial connection handshake: the REM-S defines both the complexity of the checks to be applied and the frequency of their execution, and it communicates the policy to the A-VM through a control channel. Policies range from one that simply checks the integrity of the binaries loaded by the C-VM to ones that continuously monitor the dynamic behaviour of applications to discover attacks that alter their expected behaviour. The control channel also carries the results of the checks from the A-VM back to the REM-S. As an example, remote attestation can be adopted when client software on the C-VM tries to establish a secure channel to a REM-S on an Intranet.

After describing the overall VIMS architecture, we present and discuss the implementation and the performance of a first prototype.
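The control-channel exchange the abstract describes, as an added illustration that is not the authors' VIMS prototype: the REM-S hands the A-VM a policy in the handshake (a check level, "static" for binary hashes only or "dynamic" for hashes plus per-process behaviour, and a period), the A-VM measures the introspected C-VM state accordingly, and the REM-S judges the report. The message layout, the policy names, the HMAC with a pre-shared key standing in for an authenticated channel, the sample C-VM binaries and process list, and the per-executable syscall profile are all assumptions made here; the paper does not specify them.

```python
import copy
import hashlib
import hmac
import json

# Constructed sample of the C-VM state the A-VM reconstructs via introspection;
# short placeholder byte strings stand in for the real binaries' contents.
SAMPLE_CVM_BINARIES = {
    "/usr/bin/vpnclient": b"vpnclient-v1-code",
    "/lib/libssl.so": b"libssl-v1-code",
}
SAMPLE_CVM_PROCESSES = [
    {"pid": 412, "exe": "/usr/bin/vpnclient", "syscalls": ["socket", "connect", "write"]},
]
# Behaviour profile the REM-S accepts per executable (assumed, not from the paper).
ALLOWED_SYSCALLS = {"/usr/bin/vpnclient": {"socket", "connect", "read", "write"}}
# Key authenticating control-channel messages (assumed; a deployment would derive
# it from the handshake rather than hard-code it).
CHANNEL_KEY = b"assumed-control-channel-key"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def mac_of(msg: dict) -> str:
    """HMAC over the canonical JSON of msg, excluding its own 'mac' field."""
    body = {k: v for k, v in msg.items() if k != "mac"}
    return hmac.new(CHANNEL_KEY, json.dumps(body, sort_keys=True).encode(), "sha256").hexdigest()


def authentic(msg: dict) -> bool:
    return hmac.compare_digest(msg.get("mac", ""), mac_of(msg))


class RemoteServer:
    """REM-S: issues the policy in the handshake and judges the A-VM's report."""

    def __init__(self, known_good: dict):
        self.known_good = known_good  # path -> expected SHA-256 of the binary

    def handshake_policy(self, level: str, period_s: int) -> dict:
        # 'level' selects the check complexity, 'period_s' how often the A-VM repeats them.
        policy = {"level": level, "period_s": period_s, "paths": sorted(self.known_good)}
        policy["mac"] = mac_of(policy)
        return policy

    def verify_report(self, report: dict) -> dict:
        if not authentic(report):
            return {"ok": False, "failures": ["report MAC invalid"]}
        failures = []
        # Static check: every whitelisted binary must hash to its known-good value.
        for path, expected in self.known_good.items():
            if report["measurements"].get(path) != expected:
                failures.append(f"hash mismatch: {path}")
        # Dynamic check (only when the policy asked for it): no syscall outside the profile.
        if report["level"] == "dynamic":
            for proc in report["behaviour"]:
                unexpected = set(proc["syscalls"]) - ALLOWED_SYSCALLS.get(proc["exe"], set())
                if unexpected:
                    failures.append(f"pid {proc['pid']} {proc['exe']}: unexpected {sorted(unexpected)}")
        return {"ok": not failures, "failures": failures}


class AssuranceVM:
    """A-VM: applies the checks the policy asks for to the introspected C-VM state."""

    def __init__(self, binaries: dict, processes: list):
        self.binaries = binaries
        self.processes = processes

    def run_checks(self, policy: dict) -> dict:
        if not authentic(policy):
            raise ValueError("policy MAC invalid: refusing to run checks")
        # Measure every binary the policy names; a missing file hashes as empty and fails.
        report = {
            "level": policy["level"],
            "measurements": {p: sha256(self.binaries.get(p, b"")) for p in policy["paths"]},
        }
        if policy["level"] == "dynamic":
            report["behaviour"] = copy.deepcopy(self.processes)  # observed per-process syscalls
        report["mac"] = mac_of(report)
        return report


def run_exchange(level: str, binaries: dict, processes: list, period_s: int = 30) -> dict:
    """One control-channel round: handshake policy -> A-VM checks -> report -> REM-S verdict."""
    # The REM-S's whitelist is taken from the pristine sample; 'binaries' is what the C-VM has now.
    rem_s = RemoteServer({p: sha256(b) for p, b in SAMPLE_CVM_BINARIES.items()})
    a_vm = AssuranceVM(binaries, processes)
    policy = rem_s.handshake_policy(level, period_s)
    return rem_s.verify_report(a_vm.run_checks(policy))


if __name__ == "__main__":
    print(run_exchange("static", SAMPLE_CVM_BINARIES, SAMPLE_CVM_PROCESSES))
    trojaned = dict(SAMPLE_CVM_BINARIES, **{"/usr/bin/vpnclient": b"vpnclient-trojaned"})
    print(run_exchange("dynamic", trojaned, SAMPLE_CVM_PROCESSES))
```

The point the example makes about the policy level is that a "static" policy passes a C-VM whose binaries are intact even when a monitored process is already executing calls outside its profile; only the "dynamic" level catches that, at the cost of the A-VM collecting behaviour on every period. The HMAC is the weakest link in this sketch: it only shows that both ends must authenticate the control channel, and says nothing about how the A-VM itself is trusted, which in the VIMS setting rests on the virtualization layer rather than on a shared secret.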


Keywords (machine-generated, not supplied by the authors): Virtual Machine, Security Policy, Trusted Platform Module, Virtual Machine Monitor, Hash Chain





Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Fabrizio Baiardi (1)
  • Diego Cilea (2)
  • Daniele Sgandurra (2)
  • Francesco Ceccarelli (3)
  1. Polo G. Marconi, La Spezia, Università di Pisa, Italy
  2. Dipartimento di Informatica, Università di Pisa, Italy
  3. ENEL SpA, Italy
