Denali: a goal-directed superoptimizer
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
A secure and reliable bootstrap architecture
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
A Generic Attack on Checksumming-Based Software Tamper Resistance
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems
Proceedings of the twentieth ACM symposium on Operating systems principles
Strengthening Software Self-Checksumming via Self-Modifying Code
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
SCUBA: Secure Code Update By Attestation in sensor networks
WiSe '06 Proceedings of the 5th ACM workshop on Wireless security
Establishing the genuinity of remote computer systems
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Side effects are not sufficient to authenticate software
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
On the difficulty of software-based attestation of embedded devices
Proceedings of the 16th ACM conference on Computer and communications security
Detecting code alteration by creating a temporary memory bottleneck
IEEE Transactions on Information Forensics and Security - Special issue on electronic voting
A software primitive for externally-verifiable untampered execution and its applications to securing computing systems
Conqueror: tamper-proof code execution on legacy systems
DIMVA'10 Proceedings of the 7th international conference on Detection of intrusions and malware, and vulnerability assessment
A software-based root-of-trust primitive on multicore platforms
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Practical and Secure Software-Based Attestation
LIGHTSEC '11 Proceedings of the 2011 Workshop on Lightweight Security & Privacy: Devices, Protocols, and Applications
Hi-index | 0.00 |
In this paper, we present SobTrA, a Software-based Trust Anchor for ARM Cortex-A processors to protect systems against software-based attacks. SobTrA enables the implementation of a software-based secure boot controlled by a third party independent from the manufacturer. Compared to hardware-based trust anchors, our concept provides some other advantages like being updateable and also usable on legacy hardware. The presented software-based trust anchor involves a trusted third party device, the verifier, locally connected to the untrusted device, e.g., via the microSD card slot of a smartphone. The verifier is verifying the integrity of the untrusted device by making sure that a piece of code is executed untampered on it using a timing-based approach. This code can then act as an anchor for a chain of trust similar to a hardware-based secure boot. Tests on our prototype showed that tampered and untampered execution of SobTrA can be clearly and reliably distinguished.