Conqueror: Tamper-Proof Code Execution on Legacy Systems

  • Lorenzo Martignoni
  • Roberto Paleari
  • Danilo Bruschi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6201)

Abstract

We present Conqueror, a software-based attestation scheme for tamper-proof code execution on untrusted legacy systems. Besides providing load-time attestation of a piece of code, Conqueror also ensures run-time integrity. Conqueror constitutes a valid alternative to trusted computing platforms for systems lacking specialized hardware for attestation. We implemented a prototype, specific to the Intel x86 architecture, and evaluated the proposed scheme. Our evaluation showed that, compared to competitors, Conqueror is resistant to static and dynamic attacks and that our scheme represents an important building block for realizing new security systems.

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Lorenzo Martignoni (1)
  • Roberto Paleari (2)
  • Danilo Bruschi (2)

  1. Università degli Studi di Udine
  2. Università degli Studi di Milano
