Semantic Attestation of Node Integrity in Overlays

  • Fabrizio Baiardi
  • Daniele Sgandurra
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6426)


Attestation of node integrity increases the security of overlay networks by detecting and removing nodes affected by malware. This is fundamental because in an overlay even a single node running some malware can greatly decrease the overlay security. Virtual Integrity Measurement System (VIMS) is a semantic attestation-based framework that determines whether a node can join an overlay according to both its configuration and its current behavior. VIMS fully exploits virtualization by running two virtual machines (VMs) on every overlay node: the Monitored VM (Mon-VM), which runs the overlay application, and the Assurance VM (A-VM), which checks the integrity of the Mon-VM. Before a node is allowed to join an overlay, some overlay nodes interact with the node A-VM to attest the integrity of the applications and of the OS of the node Mon-VM. After this start-up attestation, and as long as the node belongs to the overlay, the A-VM continuously checks the integrity of the Mon-VM to discover anomalies due to attacks. As soon as any check fails, the node is disconnected from the overlay. The security policy of the overlay defines the complexity and the execution frequency of the checks. The complexity ranges from integrity checks on the code of the application and of the OS to a detailed monitoring of the application behavior that exploits introspection. VIMS supports mutual trust because any node of an overlay can assess the integrity of any other node.

The paper presents the architecture of VIMS, its application to P2P and VPN overlays and a preliminary evaluation of the corresponding overhead.


Virtual Machine Continuous Monitoring Integrity Measurement Trusted Platform Module Access Control Model 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bajikar, S.: Trusted Platform Module (TPM) based Security on Notebook PCs-White Paper. Mobile Platforms Group, Intel Corporation (June 20, 2002)Google Scholar
  2. 2.
    Pearson, S.: Trusted Computing Platforms, the Next Security Solution. Trusted Computing Group Administration, Beaverton (2002)Google Scholar
  3. 3.
    Tamberi, F., Maggiari, D., Sgandurra, D., Baiardi, F.: Semantics-Driven Introspection in a Virtual Environment. In: IAS 2008: Proceedings of the 2008 The Fourth International Conference on Information Assurance and Security, Washington, DC, USA, pp. 299–302. IEEE Computer Society, Los Alamitos (2008)CrossRefGoogle Scholar
  4. 4.
    Baiardi, F., Maggiari, D., Sgandurra, D., Tamberi, F.: Transparent Process Monitoring in a Virtual Environment. Electronic Notes in Theoretical Computer Science 236, 85–100 (2009); Proceedings of the 3rd International Workshop on Views On Designing Complex Architectures, VODCA 2008 (2008)Google Scholar
  5. 5.
    Berger, S., Cáceres, R., Goldman, K.A., Perez, R., Sailer, R., van Doorn, L.: vTPM: virtualizing the trusted platform module. In: USENIX-SS 2006: Proceedings of the 15th conference on USENIX Security Symposium. USENIX Association, Berkeley (2006)Google Scholar
  6. 6. Trusted Boot,
  7. 7.
    Coker, G., Guttman, J., Loscocco, P., Sheehy, J., Sniffen, B.T.: Attestation: Evidence and trust. In: Chen, L., Ryan, M.D., Wang, G. (eds.) ICICS 2008. LNCS, vol. 5308, pp. 1–18. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  8. 8.
    Barham, P., Dragovic, B., Fraser, K., Hand, S., Harris, T., Ho, A., Neugebauer, R., Pratt, I., Warfield, A.: Xen and the art of virtualization. In: SOSP 2003: Proceedings of the nineteenth ACM Symposium on Operating Systems Principles, pp. 164–177. ACM, New York (2003)CrossRefGoogle Scholar
  9. 9.
    OpenVPN: An Open Source SSL VPN Solution,
  10. 10. gtk-gnutella: The Graphical Unix Gnutella Client,
  11. 11.
    TPM/J: Java-based API for the Trusted Platform Module (TPM),
  12. 12.
    IOzone: Filesystem Benchmark,
  13. 13.
    Baiardi, F., Cilea, D., Sgandurra, D., Ceccarelli, F.: Measuring Semantic Integrity for Remote Attestation. In: Chen, L., Mitchell, C.J., Martin, A. (eds.) Trust 2009. LNCS, vol. 5471, pp. 81–100. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  14. 14.
    Sailer, R., Jaeger, T., Zhang, X., van Doorn, L.: Attestation-based policy enforcement for remote access. In: CCS 2004: Proceedings of the 11th ACM conference on Computer and Communications Security, pp. 308–317. ACM, New York (2004)Google Scholar
  15. 15.
    Sandhu, R., Zhang, X.: Peer-to-peer access control architecture using trusted computing technology. In: SACMAT 2005: Proceedings of the tenth ACM Symposium on Access Control Models and Technologies, pp. 147–158. ACM, New York (2005)Google Scholar
  16. 16.
    Lioy, A., Ramunno, G., Vernizzi, D.: Trusted-Computing Technologies for the Protection of Critical Information Systems. Journal of Information Assurance and Security 4, 449–457 (2009)Google Scholar
  17. 17.
    Seshadri, A., Luk, M., Shi, E., Perrig, A., van Doorn, L., Khosla, P.: Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems. In: SOSP 2005: Proceedings of the twentieth ACM symposium on Operating systems principles, pp. 1–16. ACM, New York (2005)Google Scholar
  18. 18.
    Jaeger, T., Sailer, R., Shankar, U.: PRIMA: policy-reduced integrity measurement architecture. In: Proceedings of the eleventh ACM symposium on Access control models and technologies, pp. 19–28. ACM, New York (2006)CrossRefGoogle Scholar
  19. 19.
    Petroni Jr., N.L., Fraser, T., Walters, A., Arbaugh, W.A.: An architecture for specification-based detection of semantic integrity violations in kernel dynamic data. In: USENIX-SS 2006: Proceedings of the 15th conference on USENIX Security Symposium, pp. 289–304. USENIX Association, Berkeley (2006)Google Scholar
  20. 20.
    Schellekens, D., Wyseur, B., Preneel, B.: Remote attestation on legacy operating systems with trusted platform modules. Sci. Comput. Program. 74(1-2), 13–22 (2008)MathSciNetCrossRefzbMATHGoogle Scholar
  21. 21.
    England, P.: Practical Techniques for Operating System Attestation. In: Lipp, P., Sadeghi, A.-R., Koch, K.-M. (eds.) Trust 2008. LNCS, vol. 4968, pp. 1–13. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  22. 22.
    Gu, L., Ding, X., Deng, R.H., Zou, Y., Xie, B., Shao, W., Mei, H.: Model-driven remote attestation: Attesting remote system from behavioral aspect. In: ICYCS 2008: Proceedings of the 2008 The 9th International Conference for Young Computer Scientists, Washington, DC, USA, pp. 2347–2353. IEEE Computer Society, Los Alamitos (2008)Google Scholar
  23. 23.
    Traynor, P., Chien, M., Weaver, S., Hicks, B., Mc Daniel, P.: Non Invasive Methods for Host Certification. ACM Trans. on Information and System Security 11(3), 1–23 (2008)CrossRefGoogle Scholar
  24. 24.
    Trusted Computing Group: TCG Trusted Network Connect TNC Architecture for Interoperability. Specification Version 1.3 Revision 6 (April 2008)Google Scholar
  25. 25.
    Rehbock, S., Hunt, R.: Trustworthy clients: Extending tnc to web-based environments. Comput. Commun. 32(5), 1006–1013 (2009)CrossRefGoogle Scholar
  26. 26.
    Greenhalgh, A., Huici, F., Hoerdt, M., Papadimitriou, P., Handley, M., Mathy, L.: Flow processing and the rise of commodity network hardware. SIGCOMM Comput. Commun. Rev. 39(2), 20–26 (2009)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Fabrizio Baiardi
    • 1
  • Daniele Sgandurra
    • 2
  1. 1.Polo G. Marconi, La Spezia, Università di PisaItaly
  2. 2.Dipartimento di InformaticaUniversità di PisaItaly

Personalised recommendations