Remote attestation to dynamic system properties: Towards providing complete system integrity evidence

2009 IEEE/IFIP International Conference on Dependable Systems & Networks Pub Date : 2009-09-29 DOI:10.1109/DSN.2009.5270348

Chongkyung Kil, E. C. Sezer, Ahmed M. Azab, P. Ning, Xiaolan Zhang

{"title":"Remote attestation to dynamic system properties: Towards providing complete system integrity evidence","authors":"Chongkyung Kil, E. C. Sezer, Ahmed M. Azab, P. Ning, Xiaolan Zhang","doi":"10.1109/DSN.2009.5270348","DOIUrl":null,"url":null,"abstract":"Remote attestation of system integrity is an essential part of trusted computing. However, current remote attestation techniques only provide integrity proofs of static properties of the system. To address this problem we present a novel remote dynamic attestation system named ReDAS (Remote Dynamic Attestation System) that provides integrity evidence for dynamic system properties. Such dynamic system properties represent the runtime behavior of the attested system, and enable an attester to prove its runtime integrity to a remote party. ReDAS currently provides two types of dynamic system properties for running applications: structural integrity and global data integrity. In this work, we present the challenges of remote dynamic attestation, provide an in-depth security analysis and introduce a first step towards providing a complete runtime dynamic attestation framework. Our prototype implementation and evaluation with real-world applications show that we can improve on current static attestation techniques with an average performance overhead of 8%.","PeriodicalId":376982,"journal":{"name":"2009 IEEE/IFIP International Conference on Dependable Systems & Networks","volume":"6 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-09-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"149","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 IEEE/IFIP International Conference on Dependable Systems & Networks","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/DSN.2009.5270348","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 149

Abstract

Remote attestation of system integrity is an essential part of trusted computing. However, current remote attestation techniques only provide integrity proofs of static properties of the system. To address this problem we present a novel remote dynamic attestation system named ReDAS (Remote Dynamic Attestation System) that provides integrity evidence for dynamic system properties. Such dynamic system properties represent the runtime behavior of the attested system, and enable an attester to prove its runtime integrity to a remote party. ReDAS currently provides two types of dynamic system properties for running applications: structural integrity and global data integrity. In this work, we present the challenges of remote dynamic attestation, provide an in-depth security analysis and introduce a first step towards providing a complete runtime dynamic attestation framework. Our prototype implementation and evaluation with real-world applications show that we can improve on current static attestation techniques with an average performance overhead of 8%.

查看原文本刊更多论文

动态系统属性的远程认证:提供完整的系统完整性证据

系统完整性的远程认证是可信计算的重要组成部分。然而，目前的远程认证技术只能提供系统静态属性的完整性证明。为了解决这个问题，我们提出了一种新的远程动态认证系统，称为ReDAS(远程动态认证系统)，它为动态系统属性提供完整性证据。这样的动态系统属性表示被证明系统的运行时行为，并使证明者能够向远程方证明其运行时完整性。ReDAS目前为运行的应用程序提供了两种类型的动态系统属性:结构完整性和全局数据完整性。在这项工作中，我们提出了远程动态认证的挑战，提供了深入的安全分析，并介绍了提供完整的运行时动态认证框架的第一步。我们对实际应用程序的原型实现和评估表明，我们可以在平均性能开销为8%的情况下改进当前的静态认证技术。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2009 IEEE/IFIP International Conference on Dependable Systems & Networks

自引率

0.00%

发文量