Improving coherency of runtime integrity measurement

Authors:
Mark Thober;J. Aaron Pendergrass;C. Durward McDonell
Affiliations:
The Johns Hopkins University Applied Physics Laboratory, Laurel, MD, USA;The Johns Hopkins University Applied Physics Laboratory, Laurel, MD, USA;The Johns Hopkins University Applied Physics Laboratory, Laurel, MD, USA
Venue:
Proceedings of the 3rd ACM workshop on Scalable trusted computing
Year:
2008

Citing 7
Cited 4

Xen and the art of virtualization

SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Understanding The Linux Kernel

Understanding The Linux Kernel
Scalability, fidelity, and containment in the potemkin virtual honeyfarm

Proceedings of the twentieth ACM symposium on Operating systems principles
Copilot - a coprocessor-based kernel runtime integrity monitor

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Design and implementation of a TCG-based integrity measurement architecture

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Linux kernel integrity measurement using contextual inspection

Proceedings of the 2007 ACM workshop on Scalable trusted computing
Automated detection of persistent kernel control-flow attacks

Proceedings of the 14th ACM conference on Computer and communications security

Remote Attestation of Attribute Updates and Information Flows in a UCON System

Trust '09 Proceedings of the 2nd International Conference on Trusted Computing
Host-Based security sensor integrity in multiprocessing environments

ISPEC'10 Proceedings of the 6th international conference on Information Security Practice and Experience
Scalable remote attestation with privacy protection

INTRUST'09 Proceedings of the First international conference on Trusted Systems
JMF: Java measurement framework: language-supported runtime integrity measurement

Proceedings of the seventh ACM workshop on Scalable trusted computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

Recent work in software integrity verification provides techniques for measuring integrity at runtime, where a measurement agent observes the memory image of a running process and constructs some meaningful description of the process's current state. Unlike in static and load time measurement architectures, the target of a runtime measurement is running and hence able to change its state. In this setting, an accurate measurement must reflect a coherent state of the target. A coherent measurement must satisfy two properties: atomicity ensures that a measurement corresponds to the state of the target at a particular point in time and quiescence ensures that the target data is in a consistent state, i.e. not a critical section. We address the former property, showing that we can obtain an atomic measurement using a memory copy-on-write strategy, which we have implemented in the Xen hypervisor. We show that this approach achieves significant performance gains in the memory and time impact to the target, when compared with naive strategies for enforcing atomicity.