In this paper, we propose BIND (Binding Instructions aNd Data), a fine-grained attestation service for securing distributed systems. Code attestation has recently received considerable attention in trusted computing. However, current code attestation technology is relatively immature. First, due to the great variability in software versions and configurations, verification of the hash is difficult. Second, the time-of-use and time-of-attestation discrepancy remains to be addressed, since the code may be correct at the time of the attestation, but it may be compromised by the time of use. The goal of BIND is to address these issues and make code attestation more usable in securing distributed systems. BIND offers the following properties: 1) BIND performs fine-grained attestation. Instead of attesting to the entire memory content, BIND attests only to the piece of code we are concerned about. This greatly simplifies verification. 2) BIND narrows the gap between time-of-attestation and time-of-use. BIND measures a piece of code immediately before it is executed and uses a sandboxing mechanism to protect the execution of the attested code. 3) BIND ties the code attestation with the data that the code produces, such that we can pinpoint what code has been run to generate that data. In addition, by incorporating the verification of input data integrity into the attestation, BIND offers transitive integrity verification, i.e., through one signature, we can vouch for the entire chain of processes that have performed transformations over a piece of data. BIND offers a general solution toward establishing a trusted environment for distributed system designers.
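A simplified model of the code-to-data binding and transitive verification described in the abstract, added here as an illustration and not taken from the paper's implementation. It assumes an HMAC under a constructed key as a stand-in for the attestation service's protected signing key, Python source strings as the measured code, and hypothetical names (`attested_run`, `run_chain`, `verify`) and chain construction.

```python
import hashlib, hmac

KEY = b"constructed-demo-key"  # stand-in for the service's protected signing key
GENESIS = hashlib.sha256(b"unattested-input").digest()  # chain value for raw input

def digest(*parts):
    d = hashlib.sha256()
    for p in parts:
        d.update(len(p).to_bytes(4, "big") + p)  # length-prefix each field
    return d.digest()

def mac(data, chain):
    return hmac.new(KEY, digest(data, chain), hashlib.sha256).digest()

def attested_run(source, data, prev=None):
    """Model of the service wrapping one process: check input, measure, run, bind."""
    chain_in = GENESIS
    if prev is not None:  # input came from an attested process: verify it first
        chain_in, tag_in = prev
        if not hmac.compare_digest(tag_in, mac(data, chain_in)):
            raise ValueError("input data fails integrity check")
    # Measure the code immediately before executing exactly those bytes.
    chain_out = digest(chain_in, hashlib.sha256(source).digest())
    scope = {}
    exec(source.decode(), scope)
    out = scope["process"](data)
    # Bind the output to the chain of code that produced it.
    return out, chain_out, mac(out, chain_out)

def run_chain(sources, data):
    prev = None
    for src in sources:
        data, chain, tag = attested_run(src, data, prev)
        prev = (chain, tag)
    return data, tag

def verify(data, tag, expected_sources):
    """Verifier: one tag check vouches for every stage in the expected chain."""
    chain = GENESIS
    for src in expected_sources:
        chain = digest(chain, hashlib.sha256(src).digest())
    return hmac.compare_digest(tag, mac(data, chain))

# Constructed sample stages and input.
CLEAN = b"def process(d):\n    return d.strip()\n"
TOTAL = b"def process(d):\n    return str(sum(map(int, d.split(b',')))).encode()\n"
TAMPERED = b"def process(d):\n    return b'999'\n"
RAW = b" 3,4,5 \n"
```

The verifier needs only the final output, its tag, and the list of code it expects to have run; a modified stage or data altered between stages changes the chain value and the check fails.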