Xen and the art of virtualization
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Attestation-based policy enforcement for remote access
Proceedings of the 11th ACM conference on Computer and communications security
Peer-to-peer access control architecture using trusted computing technology
Proceedings of the tenth ACM symposium on Access control models and technologies
Trusted Computing Platforms: TCPA Technology in Context
Trusted Computing Platforms: TCPA Technology in Context
Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems
Proceedings of the twentieth ACM symposium on Operating systems principles
PRIMA: policy-reduced integrity measurement architecture
Proceedings of the eleventh ACM symposium on Access control models and technologies
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
vTPM: virtualizing the trusted platform module
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Noninvasive Methods for Host Certification
ACM Transactions on Information and System Security (TISSEC)
Practical Techniques for Operating System Attestation
Trust '08 Proceedings of the 1st international conference on Trusted Computing and Trust in Information Technologies: Trusted Computing - Challenges and Applications
Semantics-Driven Introspection in a Virtual Environment
IAS '08 Proceedings of the 2008 The Fourth International Conference on Information Assurance and Security
Remote attestation on legacy operating systems with trusted platform modules
Science of Computer Programming
Attestation: Evidence and Trust
ICICS '08 Proceedings of the 10th International Conference on Information and Communications Security
Model-Driven Remote Attestation: Attesting Remote System from Behavioral Aspect
ICYCS '08 Proceedings of the 2008 The 9th International Conference for Young Computer Scientists
Trustworthy clients: Extending TNC to web-based environments
Computer Communications
Flow processing and the rise of commodity network hardware
ACM SIGCOMM Computer Communication Review
Transparent Process Monitoring in a Virtual Environment
Electronic Notes in Theoretical Computer Science (ENTCS)
Measuring Semantic Integrity for Remote Attestation
Trust '09 Proceedings of the 2nd International Conference on Trusted Computing
| Hi-index | 0.00 |
Attestation of node integrity increases the security of overlay networks by detecting and removing nodes affected by malware. This is fundamental because in an overlay even a single node running some malware can greatly decrease the overlay security. Virtual Integrity Measurement System (VIMS) is a semantic attestation-based framework that determines whether a node can join an overlay according to both its configuration and its current behavior. VIMS fully exploits virtualization by running two virtual machines (VMs) on every overlay node: the Monitored VM (Mon-VM), which runs the overlay application, and the Assurance VM (A-VM), which checks the integrity of the Mon-VM. Before a node is allowed to join an overlay, some overlay nodes interact with the node A-VM to attest the integrity of the applications and of the OS of the node Mon-VM. After this start-up attestation, and as long as the node belongs to the overlay, the A-VM continuously checks the integrity of the Mon-VM to discover anomalies due to attacks. As soon as any check fails, the node is disconnected from the overlay. The security policy of the overlay defines the complexity and the execution frequency of the checks. The complexity ranges from integrity checks on the code of the application and of the OS to a detailed monitoring of the application behavior that exploits introspection. VIMS supports mutual trust because any node of an overlay can assess the integrity of any other node. The paper presents the architecture of VIMS, its application to P2P and VPN overlays and a preliminary evaluation of the corresponding overhead.