Skip to main content
SpringerLink
Log in
Book cover

International Conference on Trust and Trustworthy Computing

Trust 2012: Trust and Trustworthy Computing pp 179–200Cite as

Verifying System Integrity by Proxy

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7344))

Abstract

Users are increasingly turning to online services, but are concerned for the safety of their personal data and critical business tasks. While secure communication protocols like TLS authenticate and protect connections to these services, they cannot guarantee the correctness of the endpoint system. Users would like assurance that all the remote data they receive is from systems that satisfy the users’ integrity requirements. Hardware-based integrity measurement (IM) protocols have long promised such guarantees, but have failed to deliver them in practice. Their reliance on non-performant devices to generate timely attestations and ad hoc measurement frameworks limits the efficiency and completeness of remote integrity verification. In this paper, we introduce the integrity verification proxy (IVP), a service that enforces integrity requirements over connections to remote systems. The IVP monitors changes to the unmodified system and immediately terminates connections to clients whose specific integrity requirements are not satisfied while eliminating the attestation reporting bottleneck imposed by current IM protocols. We implemented a proof-of-concept IVP that detects several classes of integrity violations on a Linux KVM system, while imposing less than 1.5% overhead on two application benchmarks and no more than 8% on I/O-bound micro-benchmarks.

This material is based upon work supported by the National Science Foundation under Grant No. CNS-0931914 and CNS-1117692.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Processor-Based Virtualization, AMD64 Style, http://developer.amd.com/documentation/articles/pages/630200615.aspx

  2. Anderson, J.P.: Computer Security Technology Planning Study. Tech. Rep. ESD-TR-73-51, The Mitre Corporation, Air Force Electronic Systems Division, Hanscom AFB, Badford, MA (1972)

    Google Scholar 

  3. Andronick, J., Greenaway, D., Elphinstone, K.: Towards Proving Security in the Presence of Large Untrusted Components. In: Proc. 5th Workshop on Systems Software Verification (2010)

    Google Scholar 

  4. Arbaugh, W.A., Farber, D.J., Smith, J.M.: A Secure and Reliable Bootstrap Architecture. In: Proc. IEEE SSP (1997)

    Google Scholar 

  5. Azab, A.M., Ning, P., Wang, Z., Jiang, X., Zhang, X., Skalsky, N.C.: HyperSentry: Enabling Stealthy In-Context Measurement of Hypervisor Integrity. In: Proc. 17th ACM Conference on Computer and Communications Security (2010), http://doi.acm.org/10.1145/1866307.1866313

  6. Badger, L., Sterne, D.F., Sherman, D.L., Walker, K.M., Haghighat, S.A.: Practical domain and type enforcement for unix. In: IEEE Symposium on Security and Privacy (1995)

    Google Scholar 

  7. Baliga, A., Ganapathy, V., Iftode, L.: Automatic Inference and Enforcement of Kernel Data Structure Invariants. In: Proc. ACSAC (2008), http://dx.doi.org/10.1109/ACSAC.2008.29

  8. BBC: Amazon apologises for cloud fault one week on, http://www.bbc.co.uk/news/business-13242782

  9. Berger, S., et al.: vTPM: Virtualizing the Trusted Platform Module. In: USENIX Security Symposium (2006)

    Google Scholar 

  10. Biba, K.J.: Integrity Considerations for Secure Computer Systems. Tech. Rep. MTR-3153, MITRE (1975)

    Google Scholar 

  11. Carbone, M., Cui, W., Lu, L., Lee, W., Peinado, M., Jiang, X.: Mapping kernel objects to enable systematic integrity checking. In: Proceedings of the 16th ACM Conference on Computer and Communications Security

    Google Scholar 

  12. Chen, P.M., Noble, B.D.: When Virtual Is Better Than Real. In: Proc. HotOS (2001)

    Google Scholar 

  13. Clark, D.D., Wilson, D.R.: A Comparison of Commercial and Military Computer Security Policies. Security and Privacy (1987)

    Google Scholar 

  14. CVE-2010-3081, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3081

  15. Fraser, T., Evenson, M.R., Arbaugh, W.A.: VICI Virtual Machine Introspection for Cognitive Immunity. In: Proceedings of the 2008 ACSAC (2008), http://dx.doi.org/10.1109/ACSAC.2008.33

  16. Garfinkel, T., Pfaff, B., Chow, J., Rosenblum, M., Boneh, D.: Terra: A Virtual Machine-Based Platform for Trusted Computing. In: Proc. 19th ACM SOSP (2003)

    Google Scholar 

  17. Garfinkel, T., Rosenblum, M.: A Virtual Machine Introspection Based Architecture for Intrusion Detection. In: Proc. NDSS (2003)

    Google Scholar 

  18. Gasmi, Y., Sadeghi, A.R., Stewin, P., Unger, M., Asokan, N.: Beyond Secure Channels. In: Proc. ACM Workshop on Scalable Trusted Computing (2007)

    Google Scholar 

  19. Goldman, K., Perez, R., Sailer, R.: Linking Remote Attestation to Secure Tunnel Endpoints. In: Proc. First ACM Workshop on Scalable Trusted Computing (2006), http://doi.acm.org/10.1145/1179474.1179481

  20. Haldar, V., Chandra, D., Franz, M.: Semantic remote attestation: a virtual machine directed approach to trusted computing. In: Proceedings of the 3rd Conference on Virtual Machine Research And Technology Symposium (2004)

    Google Scholar 

  21. Hay, B., Nance, K.: Forensics examination of volatile system data using virtual introspection. SIGOPS Oper. Syst. Rev. 42, 74–82 (2008)

    Article  Google Scholar 

  22. Trusted Execution Technology, http://www.intel.com/technology/security/

  23. Jaeger, T., Sailer, R., Shankar, U.: PRIMA: Policy-Reduced Integrity Measurement Architecture. In: Proc. 11th ACM SACMAT (2006)

    Google Scholar 

  24. Jaeger, T., Sailer, R., Zhang, X.: Analyzing Integrity Protection in the SELinux Example Policy. In: Proc. 12th USENIX-SS (2003)

    Google Scholar 

  25. Joshi, A., King, S.T., Dunlap, G.W., Chen, P.M.: Detecting past and present intrusions through vulnerability-specific predicates. In: SOSP. ACM (2005)

    Google Scholar 

  26. Kennell, R., Jamieson, L.H.: Establishing the genuinity of remote computer systems. In: USENIX Security Symposium (2003), http://portal.acm.org/citation.cfm?id=1251353.1251374

  27. Klein, G., et al.: seL4: Formal Verification of an OS Kernel. In: SOSP (2009)

    Google Scholar 

  28. Li, N., Mao, Z., Chen, H.: Usable Mandatory Integrity Protection for Operating Systems. In: Proc. IEEE SSP (2007)

    Google Scholar 

  29. Integrity: Linux Integrity Module(LIM), http://lwn.net/Articles/287790/

  30. Litty, L., Lagar-Cavilla, H.A., Lie, D.: Hypervisor Support for Identifying Covertly Executing Binaries. In: Proc. 17th Usenix Security Symposium (2008)

    Google Scholar 

  31. Maruyama, H., Seliger, F., Nagaratnam, N., Ebringer, T., Munetoh, S., Yoshihama, S., Nakamura, T.: Trusted Platform on Demand. Tech. Rep. RT0564. IBM (2004)

    Google Scholar 

  32. McCune, J.M., Li, Y., Qu, N., Zhou, Z., Datta, A., Gligor, V., Perrig, A.: TrustVisor: Efficient TCB Reduction and Attestation. In: Proc. IEEE SSP (2010), http://dx.doi.org/10.1109/SP.2010.17

  33. McCune, J.M., Parno, B.J., Perrig, A., Reiter, M.K., Isozaki, H.: Flicker: An Execution Infrastructure for TCB Minimization. In: Proc. 3rd ACM SIGOPS/EuroSys (2008)

    Google Scholar 

  34. Moyer, T., Butler, K., Schiffman, J., McDaniel, P., Jaeger, T.: Scalable Asynchronous Web Content Attestation. In: ACSAC 2009 (2009)

    Google Scholar 

  35. Murray, D.G., Milos, G., Hand, S.: Improving xen security through disaggregation. In: VEE. VEE 2008. ACM (2008)

    Google Scholar 

  36. Linux Kernel Backdoors And Their Detection, http://invisiblethings.org/papers/ITUnderground2004_Linux_kernel_backdoors.ppt

  37. Security-enhanced linux, http://www.nsa.gov/selinux

  38. OpenTC: OpenTC PET, http://www.opentc.net/publications/OpenTC_PET_prototype_documentation_v1.0.pdf

  39. Parno, B., McCune, J.M., Perrig, A.: Bootstrapping Trust in Commodity Computers. In: IEEE SP 2010 (2010)

    Google Scholar 

  40. Payne, B.D., Carbone, M., Lee, W.: Secure and Flexible Monitoring of Virtual Machines. In: ACSAC (2007)

    Google Scholar 

  41. Payne, B.D., Carbone, M., Sharif, M., Lee, W.: Lares: An architecture for secure active monitoring using virtualization. In: IEEE Symposium on Security and Privacy (May 2008)

    Google Scholar 

  42. Petroni, N.L., Timothy, J., Jesus, F., William, M., Arbaugh, A.: Copilot - A Coprocessor-based Kernel Runtime Integrity Monitor. In: Proc. 13th USENIX Security Symposium (2004)

    Google Scholar 

  43. Sailer, R., Zhang, X., Jaeger, T., van Doorn, L.: Design and Implementation of a TCG-based Integrity Measurement Architecture. In: USENIX Security Symposium (2004)

    Google Scholar 

  44. Santos, N., Gummadi, K.P., Rodrigues, R.: Towards Trusted Cloud Computing. In: HOTCLOUD (2009)

    Google Scholar 

  45. Schiffman, J., Moyer, T., Shal, C., Jaeger, T., McDaniel, P.: Justifying integrity using a virtual machine verifier. In: Annual Computer Security Applications Conference, pp. 83–92(December 2009)

    Google Scholar 

  46. Schiffman, J., Moyer, T., Jaeger, T., McDaniel, P.: Network-based Root of Trust for Installation. IEEE Security & Privacy (2011)

    Google Scholar 

  47. Seshadri, A., Luk, M., Qu, N., Perrig, A.: Secvisor: A Tiny Hypervisor To Provide Lifetime Kernel Code Integrity For Commodity Oses. In: Proceedings of Twenty-First ACM SOSP (2007)

    Google Scholar 

  48. Seshadri, A., Luk, M., Shi, E., Perrig, A., van Doorn, L., Khosla, P.: Pioneer: Verifying Code Integrity And Enforcing Untampered Code Execution On Legacy Systems. In: Proceedings of the 20th ACM SOSP (2005)

    Google Scholar 

  49. Shankar, U., Jaeger, T., Sailer, R.: Toward Automated Information-Flow Integrity Verification for Security-Critical Applications. In: Proc. 2006 NDSS (2006)

    Google Scholar 

  50. Sharif, M.I., Lee, W., Cui, W., Lanzi, A.: Secure in-vm monitoring using hardware virtualization. In: Proceedings of the 16th ACM Conference on Computer and Communications Security (2009)

    Google Scholar 

  51. Shi, E., Perrig, A., van Doorn, L.: BIND: A Fine-Grained Attestation Service for Secure Distributed Systems. In: IEEE SP 2005 (2005)

    Google Scholar 

  52. Sirer, E.G., de Bruijn, W., Reynolds, P., Shieh, A., Walsh, K., Williams, D., Schneider, F.B.: Logical attestation: an authorization architecture for trustworthy computing. In: Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles, New York, NY, USA, pp. 249–264 (2011), http://doi.acm.org/10.1145/2043556.2043580

  53. Smalley, S., Vance, C., Salamon, W.: Implementing SELinux as a Linux Security Module. Tech. Rep. 01-043, NAI Labs (2001)

    Google Scholar 

  54. Smith, S.W.: Outbound Authentication for Programmable Secure Coprocessors. In: Gollmann, D., Karjoth, G., Waidner, M. (eds.) ESORICS 2002. LNCS, vol. 2502, pp. 72–89. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  55. Sony: Update on playstation network and qriocity (April 2011), http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity

  56. Srinivasan, D., Wang, Z., Jiang, X., Xu, D.: Process out-grafting: an efficient ”out-of-vm” approach for fine-grained process execution monitoring. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, New York, NY, USA, pp. 363–374 (2011), http://doi.acm.org/10.1145/2046707.2046751

  57. St. Clair, L., Schiffman, J., Jaeger, T., McDaniel, P.: Establishing and Sustaining System Integrity via Root of Trust Installation. In: Annual Computer Security Applications Conference (2007)

    Google Scholar 

  58. Steinberg, U., Kauer, B.: Nova: a microhypervisor-based secure virtualization architecture. In: Proceedings of the 5th European Conference on Computer Systems, EuroSys 2010, pp. 209–222. ACM, New York (2010)

    Chapter  Google Scholar 

  59. Stumpf, F., Fuchs, A., Katzenbeisser, S., Eckert, C.: Improving the scalability of platform attestation. In: ACM Workshop on Scalable Trusted Computing (2008)

    Google Scholar 

  60. Sun, W., Sekar, R., Poothia, G., Karandikar, T.: Practical Proactive Integrity Preservation: A Basis for Malware Defense. In: Proc. 2008 IEEE SSP (2008)

    Google Scholar 

  61. Ta-Min, R., Litty, L., Lie, D.: Splitting interfaces: making trust between applications and operating systems configurable. In: OSDI. USENIX Association, Berkeley (2007)

    Google Scholar 

  62. TCG: Infrastructure Subject Key Attestation Evidence Extension Version 1.0, Revision 5. Tech. report (2005)

    Google Scholar 

  63. TCG: Trusted Network Connect: Open Standards for Integrity-based Network Access Control. Technical report (2005), http://www.trustedcomputinggroup.org

  64. TCG: Trusted Platform Module (2005), https://www.trustedcomputinggroup.org/specs/TPM/

  65. Trousers, http://trousers.sourceforge.net/

  66. VMWare VMsafe, http://www.vmware.com/go/vmsafe

Download references

Author information

Authors and Affiliations

  1. Pennsylvania State University, USA

    Joshua Schiffman, Hayawardh Vijayakumar & Trent Jaeger

Authors
  1. Joshua Schiffman
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Hayawardh Vijayakumar
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Trent Jaeger
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science, Technical University Darmstadt, Hochschulstrasse 10, 64289, Darmstadt, Germany

    Stefan Katzenbeisser  & Melanie Volkamer  & 

  2. Institute of Software Technology and Interactive Systems, Vienna University of Technology and SBA Research, Favoritenstrsse 9-11, 1040, Vienna, Austria

    Edgar Weippl

  3. School of Informatics, Indiana University, 901 East Tenth Street, 47405, Bloomington, IN, USA

    L. Jean Camp

  4. Department of Computer Science, University of North Carolina at Chapel Hill, 201 S. Columbia Street UNH-CH, 27599-3175, Chapel Hill, NC, USA

    Mike Reiter

  5. Huawei America R&D, 2330 Central Expressway, 95050, Santa Clara, CA, USA

    Xinwen Zhang

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Schiffman, J., Vijayakumar, H., Jaeger, T. (2012). Verifying System Integrity by Proxy. In: Katzenbeisser, S., Weippl, E., Camp, L.J., Volkamer, M., Reiter, M., Zhang, X. (eds) Trust and Trustworthy Computing. Trust 2012. Lecture Notes in Computer Science, vol 7344. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30921-2_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-30921-2_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-30920-5

  • Online ISBN: 978-3-642-30921-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation