Property-based testing: a new approach to testing for assurance
ACM SIGSOFT Software Engineering Notes
Xen and the art of virtualization
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Terra: a virtual machine-based platform for trusted computing
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Attestation-based policy enforcement for remote access
Proceedings of the 11th ACM conference on Computer and communications security
BIND: A Fine-Grained Attestation Service for Secure Distributed Systems
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Property-based attestation for computing platforms: caring about properties, not mechanisms
NSPW '04 Proceedings of the 2004 workshop on New security paradigms
PRIMA: policy-reduced integrity measurement architecture
Proceedings of the eleventh ACM symposium on Access control models and technologies
A protocol for property-based attestation
Proceedings of the first ACM workshop on Scalable trusted computing
Design and implementation of a TCG-based integrity measurement architecture
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Semantic remote attestation: a virtual machine directed approach to trusted computing
VM'04 Proceedings of the 3rd conference on Virtual Machine Research And Technology Symposium - Volume 3
Flicker: an execution infrastructure for tcb minimization
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
OSLO: improving the security of trusted computing
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Remote attestation on program execution
Proceedings of the 3rd ACM workshop on Scalable trusted computing
SAConf: Semantic Attestation of Software Configurations
ATC '09 Proceedings of the 6th International Conference on Autonomic and Trusted Computing
LaLa: a late launch application
Proceedings of the 2009 ACM workshop on Scalable trusted computing
TrustVisor: Efficient TCB Reduction and Attestation
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
| Hi-index | 0.00 |
Most existing attestation schemes deal with binaries and typically require an exhaustive list of known-good measurements beforehand in order to perform verification. However, many programs nowadays are custom-built: the end user is allowed to tailor, compile and build the source code into various versions, or even build everything from scratch. As a result, it is very difficult, if not impossible, for existing schemes to attest the custom-built software with theoretically unlimited number of valid binaries available. This paper introduce SCOBA, a new Source COde Based Attestation framework, to specifically deal with the attestation on custom software. Instead of trying to obtain a know-good measurement list, SCOBA focuses on the source code and provides a trusted building process to attest the resulting binaries based on the source files and building configuration. SCOBA introduces a trusted verifier to certify the binary code of custom-build program according to its source code and building configuration. For custom-built software based on open-source distributions, we implemented a fully automatic trusted building system prototype for SCOBA based on GCC and TPM. As a case study, we also applied SCOBA to Gentoo and its Portage, which is a source code based package management system. Experimental results show that remote attestation, one of the key TCG features, can be made practically available to the free software community.