PRIMA: policy-reduced integrity measurement architecture
Proceedings of the eleventh ACM symposium on Access control models and technologies
Design and implementation of a TCG-based integrity measurement architecture
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Intrusion detection using sequences of system calls
Journal of Computer Security
Linux kernel integrity measurement using contextual inspection
Proceedings of the 2007 ACM workshop on Scalable trusted computing
The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86)
Proceedings of the 14th ACM conference on Computer and communications security
Flicker: an execution infrastructure for tcb minimization
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
Model-based behavioral attestation
Proceedings of the 13th ACM symposium on Access control models and technologies
Remote attestation on program execution
Proceedings of the 3rd ACM workshop on Scalable trusted computing
Proceedings of the 2009 ACM workshop on Scalable trusted computing
Exploiting execution context for the detection of anomalous system calls
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Detecting motifs in system call sequences
WISA'07 Proceedings of the 8th international conference on Information security applications
Beyond kernel-level integrity measurement: enabling remote attestation for the android platform
TRUST'10 Proceedings of the 3rd international conference on Trust and trustworthy computing
A sense of self for Unix processes
SP'96 Proceedings of the 1996 IEEE conference on Security and privacy
Remote attestation on function execution (work-in-progress)
INTRUST'09 Proceedings of the First international conference on Trusted Systems
| Hi-index | 0.00 |
Remote attestation is a technique in Trusted Computing to verify the trustworthiness of a client platform. The most well-known method of verifying the client system to the remote end is the Integrity Measurement Architecture (IMA). IMA relies on the hashes of applications to prove the trusted state of the target system to the remote challenger. This hash-based approach leads to several problems including highly rigid target domains. To overcome these problems several dynamic attestation techniques have been proposed. These techniques rely on the runtime behavior of an application or data structures and sequence of system calls. In this paper we propose a new attestation technique that relies on the seminal work done in Sequence Time Delay Embedding (STIDE). We present our target architecture in which the client end is leveraged with STIDE and the short sequences of system call patterns associated with a process are measured and reported to the challenger. Furthermore, we investigate how this technique can shorten the reported data as compared to other system call-based attestation techniques. The primary advantage of this technique is to detect zero-day malware at the client platform. There are two most important metrics for the successful implementation of dynamic behavior attestation. One is the time required for processing on the target system and second is the network overhead. In our proposed model we concentrate on maximizing the efficiency of these metrics.