Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems
Proceedings of the twentieth ACM symposium on Operating systems principles
Software integrity protection using timed executable agents
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
IEEE Security and Privacy
On the difficulty of validating voting machine software with software
EVT'07 Proceedings of the USENIX Workshop on Accurate Electronic Voting Technology
Application-Oriented Trust in Distributed Computing
ARES '08 Proceedings of the 2008 Third International Conference on Availability, Reliability and Security
On the difficulty of software-based attestation of embedded devices
Proceedings of the 16th ACM conference on Computer and communications security
Conqueror: tamper-proof code execution on legacy systems
DIMVA'10 Proceedings of the 7th international conference on Detection of intrusions and malware, and vulnerability assessment
Remote software-based attestation for wireless sensors
ESAS'05 Proceedings of the Second European conference on Security and Privacy in Ad-Hoc and Sensor Networks
VIPER: verifying the integrity of PERipherals' firmware
Proceedings of the 18th ACM conference on Computer and communications security
Poster: practical embedded remote attestation using physically unclonable functions
Proceedings of the 18th ACM conference on Computer and communications security
DroidChecker: analyzing android applications for capability leak
Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks
Plagiarizing smartphone applications: attack strategies and defense techniques
ESSoS'12 Proceedings of the 4th international conference on Engineering Secure Software and Systems
Hourglass schemes: how to prove that cloud files are encrypted
Proceedings of the 2012 ACM conference on Computer and communications security
ThinAV: truly lightweight mobile cloud-based anti-malware
Proceedings of the 28th Annual Computer Security Applications Conference
FC'12 Proceedings of the 16th international conference on Financial Cryptography and Data Security
Sensing-enabled channels for hard-to-detect command and control of mobile devices
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
A security framework for the analysis and design of software attestation
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
| Hi-index | 0.00 |
We introduce a practical software-based attestation approach. Our new method enables detection of any active malware (e.g., malware that executes or is activated by interrupts) - even if the infection occurred before our security measure was loaded. It works independently of computing platform, and is eminently suited to address the threat of mobile malware, for which the current Anti-Virus paradigm is poorly suited. Our approach is based on memory-printing of client devices. Memory-printing is a novel and light-weight cryptographic construction whose core property is that it takes notably longer to compute a function if given less RAM than for which it was configured. This makes it impossible for a malware agent to remain active (e.g., in RAM) without being detected, when the function is configured to use all space that should be free after all active applications are swapped out. Our approach is based on inherent timing differences for random access of RAM, flash, and other storage; and the time to communicate with external devices. We do not rely on heuristics when arguing our scheme's security. Accordingly, our approach represents a step towards greater rigor and security assurance.