Determining the integrity of application binaries on unsecure legacy machines using software based remote attestation

Authors:
Raghunathan Srinivasan;Partha Dasgupta;Tushar Gohad;Amiya Bhattacharya
Affiliations:
Arizona State University, Tempe, AZ;Arizona State University, Tempe, AZ;MontaVista Software, LLC;Arizona State University, Tempe, AZ
Venue:
ICISS'10 Proceedings of the 6th international conference on Information systems security
Year:
2010

Citing 14
Cited 0

Software errors and complexity: an empirical investigation0

Communications of the ACM
Operating system protection through program evolution

Computers and Security
An empirical study of operating systems errors

SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
The distribution of faults in a large industrial software system

ISSTA '02 Proceedings of the 2002 ACM SIGSOFT international symposium on Software testing and analysis
Terra: a virtual machine-based platform for trusted computing

SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems

Proceedings of the twentieth ACM symposium on Operating systems principles
Software integrity protection using timed executable agents

ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Linking remote attestation to secure tunnel endpoints

Proceedings of the first ACM workshop on Scalable trusted computing
Establishing the genuinity of remote computer systems

SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Copilot - a coprocessor-based kernel runtime integrity monitor

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Design and implementation of a TCG-based integrity measurement architecture

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Coprocessor-based hierarchical trust management for software integrity and digital identity protection

Journal of Computer Security - The Third IEEE International Symposium on Security in Networks and Distributed Systems
Mitigating the lying-endpoint problem in virtualized network access frameworks

DSOM'07 Proceedings of the Distributed systems: operations and management 18th IFIP/IEEE international conference on Managing virtualization of networks and services
Remote software-based attestation for wireless sensors

ESAS'05 Proceedings of the Second European conference on Security and Privacy in Ad-Hoc and Sensor Networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

Integrity of computing platforms is paramount. A platform is as secure as the applications executing on it. All applications are created with some inherent vulnerability or loophole. Attackers can analyze the presence of flaws in a particular binary and exploit them. Traditional virus scanners are also binaries which can be attacked by malware. This paper implements a method known as Remote Attestation entirely in software to attest the integrity of a process using a trusted external server. The trusted external server issues a challenge to the client machine which responds to the challenge. The response determines the integrity of the application.