Computer
Soft Tamper-Proofing via Program Integrity Verification in Wireless Sensor Networks
IEEE Transactions on Mobile Computing
Rootkits: Subverting the Windows Kernel
Rootkits: Subverting the Windows Kernel
Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems
Proceedings of the twentieth ACM symposium on Operating systems principles
Proceedings of the 12th ACM conference on Computer and communications security
SCUBA: Secure Code Update By Attestation in sensor networks
WiSe '06 Proceedings of the 5th ACM workshop on Wireless security
Establishing the genuinity of remote computer systems
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Side effects are not sufficient to authenticate software
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Tamper resistance: a cautionary note
WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2
Distributed Software-based Attestation for Node Compromise Detection in Sensor Networks
SRDS '07 Proceedings of the 26th IEEE International Symposium on Reliable Distributed Systems
The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86)
Proceedings of the 14th ACM conference on Computer and communications security
Efficient memory safety for TinyOS
Proceedings of the 5th international conference on Embedded networked sensor systems
Message-in-a-bottle: user-friendly and secure key deployment for sensor nodes
Proceedings of the 5th international conference on Embedded networked sensor systems
Towards self-propagate mal-packets in sensor networks
WiSec '08 Proceedings of the first ACM conference on Wireless network security
Code injection attacks on harvard-architecture devices
Proceedings of the 15th ACM conference on Computer and communications security
When good instructions go bad: generalizing return-oriented programming to RISC
Proceedings of the 15th ACM conference on Computer and communications security
Self-healing control flow protection in sensor applications
Proceedings of the second ACM conference on Wireless network security
Eliminating the call stack to save RAM
Proceedings of the 2009 ACM SIGPLAN/SIGBED conference on Languages, compilers, and tools for embedded systems
Proactive code verification protocol in wireless sensor network
ICCSA'07 Proceedings of the 2007 international conference on Computational science and Its applications - Volume Part II
Return-oriented rootkits: bypassing kernel code integrity protection mechanisms
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Remote software-based attestation for wireless sensors
ESAS'05 Proceedings of the Second European conference on Security and Privacy in Ad-Hoc and Sensor Networks
Security analysis of India's electronic voting machines
Proceedings of the 17th ACM conference on Computer and communications security
SBAP: software-based attestation for peripherals
TRUST'10 Proceedings of the 3rd international conference on Trust and trustworthy computing
Conqueror: tamper-proof code execution on legacy systems
DIMVA'10 Proceedings of the 7th international conference on Detection of intrusions and malware, and vulnerability assessment
Secure code update for embedded devices via proofs of secure erasure
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Kells: a protection framework for portable data
Proceedings of the 26th Annual Computer Security Applications Conference
IEEE Wireless Communications
Retroactive detection of malware with applications to mobile platforms
HotSec'10 Proceedings of the 5th USENIX conference on Hot topics in security
A secure and robust approach to software tamper resistance
IH'10 Proceedings of the 12th international conference on Information hiding
A software-based root-of-trust primitive on multicore platforms
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
VIPER: verifying the integrity of PERipherals' firmware
Proceedings of the 18th ACM conference on Computer and communications security
A TPM-enabled remote attestation protocol (TRAP) in wireless sensor networks
Proceedings of the 6th ACM workshop on Performance monitoring and measurement of heterogeneous wireless and wired networks
Trust extension as a mechanism for secure code execution on commodity computers
Trust extension as a mechanism for secure code execution on commodity computers
Mitigating code-reuse attacks with control-flow locking
Proceedings of the 27th Annual Computer Security Applications Conference
Efficient scheme of verifying integrity of application binaries in embedded operating systems
The Journal of Supercomputing
On the expressiveness of return-into-libc attacks
RAID'11 Proceedings of the 14th international conference on Recent Advances in Intrusion Detection
What if you can't trust your network card?
RAID'11 Proceedings of the 14th international conference on Recent Advances in Intrusion Detection
Scalable integrity-guaranteed AJAX
APWeb'12 Proceedings of the 14th Asia-Pacific international conference on Web Technologies and Applications
KALwEN: a new practical and interoperable key management scheme for body sensor networks
Security and Communication Networks
FC'12 Proceedings of the 16th international conference on Financial Cryptography and Data Security
Software protection for dynamically-generated code
PPREW '13 Proceedings of the 2nd ACM SIGPLAN Program Protection and Reverse Engineering Workshop
A security framework for the analysis and design of software attestation
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Implementation and implications of a stealth hard-drive backdoor
Proceedings of the 29th Annual Computer Security Applications Conference
A novel delay-resilient remote memory attestation for smart grid
WASA'13 Proceedings of the 8th international conference on Wireless Algorithms, Systems, and Applications
SEC'13 Proceedings of the 22nd USENIX conference on Security
SobTrA: a software-based trust anchor for ARM cortex application processors
Proceedings of the 4th ACM conference on Data and application security and privacy
| Hi-index | 0.00 |
Device attestation is an essential feature in many security protocols and applications. The lack of dedicated hardware and the impossibility to physically access devices to be attested, makes attestation of embedded devices, in applications such as Wireless Sensor Networks, a prominent challenge. Several software-based attestation techniques have been proposed that either rely on tight time constraints or on the lack of free space to store malicious code. This paper investigates the shortcomings of existing software-based attestation techniques. We first present two generic attacks, one based on a return-oriented rootkit} and the other on code compression. We further describe specific attacks on two existing proposals, namely SWATT and ICE-based schemes, and argue about the difficulty of fixing them. All attacks presented in this paper were implemented and validated on commodity sensors.