Advertisement

Remote Attestation on Function Execution (Work-in-Progress)

  • Liang Gu
  • Yueqiang Cheng
  • Xuhua Ding
  • Robert H. Deng
  • Yao Guo
  • Weizhong Shao
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6163)

Abstract

A program is a compound of various subroutines playing different roles. In this paper, we study how to attest the execution of those mission-critical subroutines whose execution is the basis to establish trust. Our results include a new attestation scheme called function attestation. Given a function F of a program \(\mathcal{P}\), the proposed scheme allows for an efficient and secure attestation by using the debug facility of processors and building a trust chain rooted at TPM. Our scheme is lightweight and easy to deploy. It can also be easily extended to support multiple-threaded programs and data flow attestation with slightly more overhead.

Keywords

Trusted computing remote attestation mission-critical function 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Chen, L., Landfermann, R., Löhr, H., Rohe, M., Sadeghi, A.-R., Stüble, C.: A protocol for property-based attestation. In: STC 2006: Proceedings of the First ACM Workshop on Scalable Trusted Computing, pp. 7–16. ACM Press, New York (2006)CrossRefGoogle Scholar
  2. 2.
    Garfinkel, T., Pfaff, B., Chow, J., Rosenblum, M., Boneh, D.: Terra a virtual machine-based platform for trusted computing. In: SOSP 2003, Bolton Landing, New York, USA (October 2003)Google Scholar
  3. 3.
    Gu, L., Ding, X., Deng, R.H., Xie, B., Mei, H.: Remote attestation on program execution. In: Xu, S., Nita-Rotaru, C., Seifert, J.-P. (eds.) Proceedings of the 3rd ACM Workshop on Scalable Trusted Computing, STC 2008, Alexandria, VA, USA, October 31, pp. 11–20. ACM, New York (2008)CrossRefGoogle Scholar
  4. 4.
    Haldar, V., Chandra, D., Franz, M.: Semantic remote attestation—a virtual machine directed approach to trusted computing. In: The Third virtual Machine Research and Technology Symposium (VM 2004). USENIX (2004)Google Scholar
  5. 5.
    Intel Corporation. Intel IA-64 Architecture Software Developer’s Manual: Volume 1: IA-64 Application Architecture. Intel Corporation, pub-INTEL:adr (January 2000)Google Scholar
  6. 6.
    Intel Corporation. Intel IA-64 Architecture Software Developer’s Manual: Volume 4: Itanium Processor Programmer’s Guide. Intel Corporation, pub-INTEL:adr (January 2000)Google Scholar
  7. 7.
    Jaeger, T., Sailer, R., Shankar, U.: PRIMA: policy-reduced integrity measurement architecture. In: SACMAT 2006: Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies, pp. 19–28. ACM Press, New York (2006)CrossRefGoogle Scholar
  8. 8.
    Jaeger, T., Sailer, R., Shankar, U.: PRIMA: policy-reduced integrity measurement architecture. In: SACMAT 2006: Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies, pp. 19–28. ACM Press, New York (2006)CrossRefGoogle Scholar
  9. 9.
    McCune, J.M., Parno, B., Perrig, A., Reiter, M.K., Isozaki, H.: Flicker: an execution infrastructure for tcb minimization. In: Sventek, J.S., Hand, S. (eds.) Proceedings of the 2008 EuroSys Conference, Glasgow, Scotland, UK, April 1-4, pp. 315–328. ACM, New York (2008)Google Scholar
  10. 10.
    Poritz, J., Schunter, M., Van Herreweghen, E., Waidner, M.: Property attestation—scalable and privacy-friendly security assessment of peer computers. Technical report, IBM Research Report RZ 3548 (2004)Google Scholar
  11. 11.
    Sadeghi, A.-R., Stble, C.: Property-based attestation for computing platforms: caring about properties, not mechanisms. In: New Security Paradigms (2004)Google Scholar
  12. 12.
    Sailer, R., Jaeger, T., Zhang, X., van Doorn, L.: Attestation-based policy enforcement for remote access. In: CCS 2004, Washington, DC, USA, October 25-29 (2004)Google Scholar
  13. 13.
    Sailer, R., Zhang, X., Jaeger, T., van Doorn, L.: Design and implementation of a tcg-based integrity measurement architecture. In: Proceedings of the 13th USENIX Security Symposium, San Diego, CA, USA (August 2004)Google Scholar
  14. 14.
    Shi, E., Perrig, A., Van Doorn, L.: Bind: A fine-grained attestation service for secure distributed systems. In: 2005 IEEE Symposium on Security and Privacy (2005)Google Scholar
  15. 15.
    Trusted Computing Group. Trusted platform module main specification (October 2003), http://www.trustedcomputinggroup.org
  16. 16.
    Wright, C., Cowan, C., Smalley, S., Morris, J., Kroah-Hartman, G.: Linux Security Modules: General security support for the Linux kernel. In: Proceedings of the 11th USENIX Security Symposium, USENIX (August 2002)Google Scholar
  17. 17.
    Li, X.-Y., Shen, C.-X., Zuo, X.-D.: An efficient attestation for trustworthiness of computing platform. In: Proceedings of the 2006 International Conference on Intelligent Information Hiding and Multimedia Signal Processing, IIH-MSP 2006 (2006)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Liang Gu
    • 1
  • Yueqiang Cheng
    • 2
  • Xuhua Ding
    • 2
  • Robert H. Deng
    • 2
  • Yao Guo
    • 1
  • Weizhong Shao
    • 1
  1. 1.Key Laboratory of High Confidence Software TechnologiesPeking UniversityChina
  2. 2.School of Information SystemsSingapore Management UniversitySingapore

Personalised recommendations