通用可信组件上主动执行代码的安全标识

2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) Pub Date : 2016-06-01 DOI:10.1109/DSN.2016.45

Bruno Vavala, N. Neves, P. Steenkiste

{"title":"通用可信组件上主动执行代码的安全标识","authors":"Bruno Vavala, N. Neves, P. Steenkiste","doi":"10.1109/DSN.2016.45","DOIUrl":null,"url":null,"abstract":"Code identity is a fundamental concept for authenticated operations in Trusted Computing. In today's approach, the overhead of assigning an identity to a protected service increases linearly with the service code size. In addition, service code size continues to grow to accommodate richer services. This trend negatively impacts either the security or the efficiency of current protocols for trusted executions. We present an execution protocol that breaks the dependency between the code size of the service and the identification overhead, without affecting security, and that works on different trusted components. This is achieved by computing an identity for each of the code modules that are actually executed, and then building a robust chain of trust that links them together for efficient verification. We implemented and applied our protocol to a widely-deployed database engine, improving query-processing time up to 2× compared to the monolithic execution of the engine.","PeriodicalId":102292,"journal":{"name":"2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)","volume":"127 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Secure Identification of Actively Executed Code on a Generic Trusted Component\",\"authors\":\"Bruno Vavala, N. Neves, P. Steenkiste\",\"doi\":\"10.1109/DSN.2016.45\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Code identity is a fundamental concept for authenticated operations in Trusted Computing. In today's approach, the overhead of assigning an identity to a protected service increases linearly with the service code size. In addition, service code size continues to grow to accommodate richer services. This trend negatively impacts either the security or the efficiency of current protocols for trusted executions. We present an execution protocol that breaks the dependency between the code size of the service and the identification overhead, without affecting security, and that works on different trusted components. This is achieved by computing an identity for each of the code modules that are actually executed, and then building a robust chain of trust that links them together for efficient verification. We implemented and applied our protocol to a widely-deployed database engine, improving query-processing time up to 2× compared to the monolithic execution of the engine.\",\"PeriodicalId\":102292,\"journal\":{\"name\":\"2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)\",\"volume\":\"127 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-06-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/DSN.2016.45\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/DSN.2016.45","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

摘要

代码标识是可信计算中经过身份验证的操作的基本概念。在目前的方法中，为受保护的服务分配标识的开销随着服务代码大小呈线性增加。此外，服务代码的大小也在不断增长，以适应更丰富的服务。这种趋势会对当前可信执行协议的安全性或效率产生负面影响。我们提供了一个执行协议，它打破了服务代码大小和标识开销之间的依赖关系，而不影响安全性，并且可以在不同的可信组件上工作。这是通过计算实际执行的每个代码模块的标识来实现的，然后构建一个健壮的信任链，将它们连接在一起以进行有效的验证。我们在一个广泛部署的数据库引擎上实现并应用了我们的协议，与引擎的单片执行相比，查询处理时间提高了2倍。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Secure Identification of Actively Executed Code on a Generic Trusted Component

Code identity is a fundamental concept for authenticated operations in Trusted Computing. In today's approach, the overhead of assigning an identity to a protected service increases linearly with the service code size. In addition, service code size continues to grow to accommodate richer services. This trend negatively impacts either the security or the efficiency of current protocols for trusted executions. We present an execution protocol that breaks the dependency between the code size of the service and the identification overhead, without affecting security, and that works on different trusted components. This is achieved by computing an identity for each of the code modules that are actually executed, and then building a robust chain of trust that links them together for efficient verification. We implemented and applied our protocol to a widely-deployed database engine, improving query-processing time up to 2× compared to the monolithic execution of the engine.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)

自引率

0.00%

发文量