Abstract
The problem of software integrity is traditionally addressed as the static verification of the code before the execution, often by checking the code signature. However, there are no well-defined solutions to the run-time verification of code integrity when the code is executed remotely, which is refer to as run-time remote entrusting. In this paper we present the research challenges involved in run-time remote entrusting and how we intend to solve this problem. Specifically, we address the problem of ensuring that a given piece of code executes on an remote untrusted machine and that its functionalities have not been tampered with both before execution and during run-time.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Baldi, M., Ofek, Y., Young, M.: Idiosyncratic Signatures for Authenticated Execution of Management Code. In: Brunner, M., Keller, A. (eds.) DSOM 2003. LNCS, vol. 2867, Springer, Heidelberg (2003)
Baldi, M., Ofek, Y., Young, M.: The TrustedFlow(TM) Protocol - Idiosyncratic Signatures for Authenticated Execution. In: 4th Annual IEEE Information Assurance Workshop, West Point, NY, USA (June 2003)
Oh, N., Shirvani, P.P., McCluskey, E.J.: Control-flow checking by software signatures. IEEE Transactions on Reliability 51(1) (March 2002)
Ohlsson, J., Rimen, M.: Implicit signature checking. In: Proceedings of 25th International Symposium on Fault-Tolerant Computing (June 1995)
Benso, A., Di Carlo, S., Di Natale, G., Prinetto, P., Tagliaferri, L.: Control-flow checking via regular expressions. In: Proceedings of 10th Asian Test Symposium (November 2001)
Oh, N., Mitra, S., McCluskey, E.J.: ED4 I: error detection by diverse data and duplicated instructions. IEEE Transactions on Computers 51(2) (February 2002)
Oh, N., Shirvani, P.P., McCluskey, E.J.: Error detection by duplicated instructions in super-scalar processors. IEEE Transactions on Reliability 51(1) (March 2002)
Benso, A., Chiusano, S., Prinetto, P., Tagliaferri, L.: A C/C++ source-to-source compiler for dependable applications. In: DSN. Proceedings of International Conference on Dependable Systems and Networks (June 2000)
Collberg, C., Thomborson, C., Low, D.: Watermarking: Tamper-Proofing, and Obfuscation - Tools for Software Protection. IEEE Transactions on Software Engineering 28 (2002)
Naumovich, G., Memon, N.: Preventing piracy, reverse engineering, and tampering. IEEE Computer 36(7), 64–71 (2003)
Wang, C., Davidson, J., Hill, J., Knight, J.: Protection of software-based survivability mechanisms. In: DSN. Proceeding of International Conference on Dependable Systems and Networks, Goteborg, Sweden (July 2001)
Valdez, E., Yung, M.: Software DisEngineering: Program Hiding Architecture and Experiments. Information Hiding (1999)
Linn, C., Debray, S.: Obfuscation of Executable Code to Improve Resistance to Static Disassembly. In: CCS. Proceedings of the 10th ACM Conference on Computer and Communications Security (October 2003)
Appel, A.W.: Deobfuscation is in NP, www.cs.princeton.edu/appel/papers/deobfus.pdf
Barak, B., Goldreich, O., Impagliazzo, R., Rudich, S., Sahai, A., Vadhan, S.P., Yang, K.: On the (Im)possibility of Obfuscating Programs. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, Springer, Heidelberg (2001)
McGraw, G., Felten, E.W.: Mobile Code and Security. IEEE Internet computing 2(6) (1998)
Esparza, O., Soriano, M., Munoz, J.L., Forne, J.: Detecting and Proving Manipulation Attacks in Mobile Agent Systems. In: Karmouch, A., Korba, L., Madeira, E.R.M. (eds.) MATA 2004. LNCS, vol. 3284, pp. 224–233. Springer, Heidelberg (2004)
Sander, T., Tschudin, C.F.: Towards Mobile Cryptography. IEEE Symposium on Security and Privacy (May 1998)
Sander, T., Tschudin, C.F.: Protecting mobile agents against malicious hosts. LNCS (1998)
Badger, L., et al.: Self-protecting mobile agents obfuscation techniques evaluation report. NAI Labs Report (November 2001), www.isso.sparta.com/research/documents/spma.pdf
Pearson, S.: Trusted computing platforms, the next security solution. Technical Report HPL-2002-221, HP Laboratories (2002)
The Trusted Computing Group, https://www.trustedcomputinggroup.org
Next Generation Secure Computing Base, http://www.microsoft.com/resources/ngscb
York, R.: A New Foundation for CPU Systems Security. ARM Limited, http://www.arm.com
Sailer, R., Zhang, X., Jaeger, T., van Doorn, L.: Design and Implementation of a TCG-based Integrity Measurement Architecture. In: Proceedings of the 13th USENIX Security Symposium San Diego, CA, USA (August 2004)
Kennell, R., Jamieson, L.H.: Establishing the Genuinity of Remote Computer Systems. In: Proceedings of the 12th USENIX Security Symposium (2003)
Mana, A., Lopez, J., Ortega, J., Pimentel, E., Troya, J.M.: A Framework for Secure Execution of Software. International Journal of Information Security 3(2) (2004)
Seshadri, A., Luk, M., Shi, E., Perrig, A., van Doorn, L., Khosla, P.K.: Pioneer: Verifying code integrity and enforcing untampered code execution on legacy systems. In: SOSP. Proceedings of the 20th ACM Symposium on Operating Systems Principles, Brighton, UK, pp. 1–16 (October 23-26, 2005)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ceccato, M., Ofek, Y., Tonella, P. (2008). Remote Entrusting by Run-Time Software Authentication. In: Geffert, V., Karhumäki, J., Bertoni, A., Preneel, B., Návrat, P., Bieliková, M. (eds) SOFSEM 2008: Theory and Practice of Computer Science. SOFSEM 2008. Lecture Notes in Computer Science, vol 4910. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77566-9_8
Download citation
DOI: https://doi.org/10.1007/978-3-540-77566-9_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-77565-2
Online ISBN: 978-3-540-77566-9
eBook Packages: Computer ScienceComputer Science (R0)