Abstract
To conquer the weakness of existing integrity measurement and verification mechanisms based on trusted computing technology, an integrity assurance mechanism for run-time programs is proposed in this paper. Based on a dynamic integrity measuring module, the proposed integrity assurance mechanism solves the difficulties that may be encountered when attesting to the integrity of running programs. The paper also describes the design and implementation details of the proposed module. An example of applying the proposed mechanism to protect the vTPM instances in Xen hypervisor is presented at last.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Garfinkel, T., Rosenblum, M., Boneh, D.: Flexible os support and applications for trusted computing. In: 9th conference on Hot Topics in Operating Systems, pp. 25–25. USENIX Association, Berkeley (2003)
Garfinkel, T., Pfaff, B., Chow, J., Rosenblum, M., Boneh, D.: Terra: a virtual machine-based platform for trusted computing. ACM SIGOPS Oper. Syst. Rev. 37(5), 193–206 (2003)
TCG specification architecture overview revision 1.4, https://www.trustedcomputinggroup.org/specs/IWG
Tpm main specification version 1.2 revision 103 part1&2&3, https://www.trustedcomputinggroup.org/specs/TPM/
Sailer, R., Zhang, X., Jaeger, T., van Doorn, L.: Design and implementation of a tcg-based integrity measurement architecture. In: 13th conference on USENIX Security Symposium, pp. 223–238. USENIX Association, Berkeley (2004)
Jaeger, T., Sailer, R., Shankar, U.: Prima: policy-reduced integrity measurement architecture. In: 11th ACM symposium on Access control models and technologies, pp. 19–28. ACM Press, New York (2006)
National Institute of Standards and Technology: Secure Hash Standard (SHA-1). pp. 180–181. Federal Information Processing Standards Publication (1993)
Seshadri, A., Luk, M., Shi, E., Perrig, A., van Doorn, L., Khosla, P.: Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems. In: 20th ACM symposium on Operating systems principles, pp. 1–16. ACM Press, New York (2005)
Shi, E., Perrig, A., Doorn, L.V.: Bind: A fine-grained attestation service for secure distributed systems. In: 2005 IEEE Symposium on Security and Privacy, pp. 154–168. IEEE Press, Washington (2005)
Goldberg, R.: Survey of Virtual Machine Research. IEEE Computer 7(6), 34–45 (1974)
AMD Corporation: Secure virtual machine architecture reference manual. Technical report (2005)
Intel Corporation: Intel vanderpool technology for ia-32 processors(vt-x) preliminary specification. Technical Report, Intel C97063-001 (2005)
Barham, P., Dragovic, B., Fraser, K., Hand, S., Harris, T., Ho, A., Neugebauer, R., Pratt, I., Warfield, A.: Xen and the art of virtualization. ACM SIGOPS Oper. Syst. Rev. 37(5), 164–177 (2003)
Berger, S., Cáceres, R., Goldman, K.A., Perez, R., Sailer, R., van Doorn, L.: vtpm: Virtualizing the trusted platform module. In: 15th conference on USENIX Security Symposium, pp. 305–320. USENIX Association, Berkeley (2006)
Brickell, E., Camenisch, J., Chen, L.: Direct anonymous attestation. In: 11th ACM conference on Computer and communications security, pp. 132–145. ACM Press, New York (2004)
Seshadri, A., Perrig, A., Doorn, L.V., Khosla, P.: Swatt: Software-based attestation for embedded devices. In: 2004 IEEE Symposium on Security and Privacy, pp. 272–282. IEEE Press, Washington (2004)
Haldar, V., Chandra, D., Franz, M.: Semantic remote attestation: a virtual machine directed approach to trusted computing. In: 3rd conference on Virtual Machine Research And Technology Symposium, p. 3. USENIX Association, Berkeley (2004)
Sadeghi, A.R., Stuble, C.: Property-based attestation for computing platforms: caring about properties, not mechanisms. In: 2004 workshop on New security paradigms, pp. 67–77. ACM Press, New York (2004)
Sailer, R., Jaeger, T., Zhang, X., van Doorn, L.: Attestation-based policy enforcement for remote access. In: 11th ACM conference on Computer and communications security, pp. 308–317. ACM Press, New York (2004)
Shankar, U., Jaeger, T., Sailer, R.: Toward automated information-flow integrity verification for security-critical applications. In: 2006 ISOC Networked and Distributed Systems Security Symposium, San Diego (2006)
Maruyama, H., Seliger, F., Nagaratnam, N., Ebringer, T., Munetoh, S., Yoshihama, S., Nakamura, T.: Trusted platform on demand. Technical Report RT0564, IBM Tokyo Research Laboratory (2004)
Sandhu, R., Zhang, X.: Peer-to-peer access control architecture using trusted computing technology. In: 10th ACM symposium on Access control models and technologies, pp. 147–158. ACM Press, New York (2005)
Sandhu, R., Ranganathan, K., Zhang, X.: Secure information sharing enabled by trusted computing and pei models. In: 2006 ACM Symposium on Information, computer and communications security, pp. 2–12. ACM Press, New York (2006)
Zhang, X., Chen, S., Sandhu, R.: Enhancing data authenticity and integrity in p2p systems. IEEE Internet Computing 9(6), 42–49 (2005)
Sailer, R., Jaeger, T., Valdez, E., Caceres, R., Perez, R., Berger, S., Griffin, J.L., van Doorn, L.: Building a mac-based security architecture for the xen open-source hypervisor. In: 21st Annual Computer Security Applications Conference, pp. 276–285. IEEE Press, Washington (2005)
Zhang, X., Covington, M.J., Chen, S., Sandhu, R.: Securebus: towards applicationtransparent trusted computing with mandatory access control. In: 2nd ACM symposium on Information, computer and communications security, pp. 117–126. ACM Press, New York (2007)
Griffin, J., Jaeger, T., Perez, R., Sailer, R., van Doorn, L., Caceres, R.: Trusted virtual domains: Toward secure distributed services. In: 1st Workshop on Hot Topics in System Dependability (2005)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Xu, Z., He, Y., Deng, L. (2009). An Integrity Assurance Mechanism for Run-Time Programs. In: Yung, M., Liu, P., Lin, D. (eds) Information Security and Cryptology. Inscrypt 2008. Lecture Notes in Computer Science, vol 5487. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01440-6_29
Download citation
DOI: https://doi.org/10.1007/978-3-642-01440-6_29
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-01439-0
Online ISBN: 978-3-642-01440-6
eBook Packages: Computer ScienceComputer Science (R0)