A Generic Attack on Checksumming-Based Software Tamper Resistance
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems
Proceedings of the twentieth ACM symposium on Operating systems principles
SCUBA: Secure Code Update By Attestation in sensor networks
WiSe '06 Proceedings of the 5th ACM workshop on Wireless security
Establishing the genuinity of remote computer systems
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Side effects are not sufficient to authenticate software
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
FastForward for Efficient Pipeline Parallelism
PACT '07 Proceedings of the 16th International Conference on Parallel Architecture and Compilation Techniques
Distributed Software-based Attestation for Node Compromise Detection in Sensor Networks
SRDS '07 Proceedings of the 26th IEEE International Symposium on Reliable Distributed Systems
How low can you go?: recommendations for hardware-supported minimal TCB code execution
Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
SAKE: Software Attestation for Key Establishment in Sensor Networks
DCOSS '08 Proceedings of the 4th IEEE international conference on Distributed Computing in Sensor Systems
On the difficulty of software-based attestation of embedded devices
Proceedings of the 16th ACM conference on Computer and communications security
A software primitive for externally-verifiable untampered execution and its applications to securing computing systems
Remote software-based attestation for wireless sensors
ESAS'05 Proceedings of the Second European conference on Security and Privacy in Ad-Hoc and Sensor Networks
A security framework for the analysis and design of software attestation
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
SobTrA: a software-based trust anchor for ARM cortex application processors
Proceedings of the 4th ACM conference on Data and application security and privacy
| Hi-index | 0.00 |
Software-based root-of-trust has been proposed to overcome the disadvantage of hardware-based root-of-trust, which is the high cost in deployment and upgrade (when vulnerabilities are discovered). However, prior research on software-based root-of-trust only focuses on uniprocessor platforms. The essential security properties of such software-based root-of-trust, as analyzed and demonstrated in our paper, can be violated on multicore platforms. Since multicore processors are becoming increasingly popular, it is imperative to explore the feasibility of software-based root-of-trust on them. In this paper, we analyze the challenges of designing software-based root-of-trust on multicore platforms and present two practical attacks that utilize the parallel computing capability to break the existing schemes. We then propose a timing-based primitive, called MT-SRoT, as the first step towards software-based root-of-trust on multicore platforms. MT-SRoT is able to ensure untam-pered execution of a critical security task, such as remote software attestation, on homogeneous shared-memory multicore platforms without the support of tamper-resistant hardware. We implement MT-SRoT and show its effectiveness on both Intel dual-core and quad-core processors.