Reflection as a mechanism for software integrity verification

Authors:
Diomidis Spinellis
Affiliations:
Univ. of the Aegean, Karlovasi, Greece
Venue:
ACM Transactions on Information and System Security (TISSEC)
Year:
2000

Citing 14
Cited 8

Concepts and experiments in computational reflection

OOPSLA '87 Conference proceedings on Object-oriented programming systems, languages and applications
Implications of computer viruses and current methods of defense

Computers under attack: intruders, worms, and viruses
The Apertos reflective operating system: the concept and its implementation

OOPSLA '92 conference proceedings on Object-oriented programming systems, languages, and applications
Security in computing

Security in computing
Computer architecture (2nd ed.): a quantitative approach

Computer architecture (2nd ed.): a quantitative approach
Design of Hashing Algorithms

Design of Hashing Algorithms
The GSM System for Mobile Communications

The GSM System for Mobile Communications
In the News

IEEE MultiMedia
To Whom am I Speaking?

Computer
How the PC Will Disappear

Computer
Implementational Reflection in Silica

ECOOP '91 Proceedings of the European Conference on Object-Oriented Programming
Fault Induction Attacks, Tamper Resistance, and Hostile Reverse Engineering in Perspective

FC '97 Proceedings of the First International Conference on Financial Cryptography
RIPEMD-160: A Strengthened Version of RIPEMD

Proceedings of the Third International Workshop on Fast Software Encryption
Mode switching and software download for software defined radio: the SDR Forum approach

IEEE Communications Magazine

SCUBA: Secure Code Update By Attestation in sensor networks

WiSe '06 Proceedings of the 5th ACM workshop on Wireless security
Implementing regular cash with blind fixed-value electronic coins

Computer Standards & Interfaces
CAT: building couples to early detect node compromise attack in wireless sensor networks

GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
Software-based remote code attestation in wireless sensor network

GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
Tamper detection marking for object files

MILCOM'03 Proceedings of the 2003 IEEE conference on Military communications - Volume II
VIPER: verifying the integrity of PERipherals' firmware

Proceedings of the 18th ACM conference on Computer and communications security
Trust extension as a mechanism for secure code execution on commodity computers

Trust extension as a mechanism for secure code execution on commodity computers
Scalable integrity-guaranteed AJAX

APWeb'12 Proceedings of the 14th Asia-Pacific international conference on Web Technologies and Applications

Quantified Score

Hi-index	0.01

Visualization

Abstract

The integrity verification of a device's controlling software is an important aspect of many emerging information appliances. We propose the use of reflection, whereby the software is able to examine its own operation, in conjunction with cryptographic hashes as a basis for developing a suitable software verification protocol. For more demanding applications meta-reflective techniques can be used to thwart attacks based on device emulation strategies. We demonstrate how our approach can be used to increase the security of mobile phones, devices for the delivery of digital content, and smartcards.