Practical Techniques for Operating System Attestation

England, Paul

doi:10.1007/978-3-540-68979-9_1

Paul England¹

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 4968))

Included in the following conference series:

International Conference on Trusted Computing

828 Accesses
12 Citations

Abstract

This paper describes three practical techniques for authenticating the code and other execution state of an operating system using the services of the TPM and a hypervisor. The techniques trade off detailed reporting of the OS code and configuration with the manageability and comprehensibility of reported configurations. Such trade-offs are essential because of the complexity and diversity of modern general purpose operating systems makes simple code authentication schemes using code hashes or certificates infeasible.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 69.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Specifications are available on the TCG web site, http://www.trustedcomputinggroup.org
Microft Online Crash Analysis data
Google Scholar
Arbaugh, W., Farber, D., Smith, J.: A secure and reliable bootstrap architecture (1997)
Google Scholar
Chen, L., Landfermann, R., Lohr, M., Rohe, A.S., Stuble, C.: A protocol for property-based attestation. In: STC 2006: Proceedings of the first ACM workshop on Scalable trusted computing, pp. 7–16. ACM, New York (2006)
Chapter Google Scholar
England, P., Lampson, B., Manferdelli, J., Peinado, M., Willman, B.: A trusted open platform. Computer 36(7), 55–62 (2003)
Article Google Scholar
England, P., Peinado, M.: Authenticated operation of open computing devices. In: Batten, L.M., Seberry, J. (eds.) ACISP 2002. LNCS, vol. 2384, pp. 346–361. Springer, Heidelberg (2002)
Chapter Google Scholar
Franklin, M., Mitcham, K., Smith, S.W., Stabiner, J., Wild, O.: Ca-in-a-box. In: EuroPKI: Lecture notes in computer science, pp. 180–190 (2005)
Google Scholar
Garfinkel, T., Pfaff, B., Chow, J., Rosenblum, M., Boneh, D.: Terra: a virtual machine-based platform for trusted computing. In: SOSP 2003: Proceedings of the nineteenth ACM symposium on Operating systems principles, pp. 193–206. ACM, New York (2003)
Chapter Google Scholar
Grawrock, D.: The Intel Safer Computing Initiative. Intel Press (2006)
Google Scholar
Haldar, V., Chandra, D., Franz, M.: Semantic remote attestation: a virtual machine directed approach to trusted computing. In: VM 2004: Proceedings of the 3rd conference on Virtual Machine Research And Technology Symposium, Berkeley, CA, USA, p. 3. USENIX Association (2004)
Google Scholar
Kallahalla, M., Riedel, E., Swaminathan, R., Wang, Q., Fu, K.: Plutus: Scalable secure file sharing on untrusted storage. In: FAST 2003: Proceedings of the 2nd USENIX Conference on File and Storage Technologies, Berkeley, CA, USA, pp. 29–42. USENIX Association (2003)
Google Scholar
Karger, P.A., Zurko, M.E., Bonin, D.W., Mason, A.H., Kahn, C.E.: A retrospective on the vax vmm security kernel. IEEE Trans. Softw. Eng. 17(11), 1147–1165 (1991)
Article Google Scholar
Kauer, B.: Oslo: Improving the security of trusted computing. In: Proceedings of the 16th USENIX Security Symposium (2007)
Google Scholar
Kühn, U., Selhorst, M., Stüble, C.: Realizing property-based attestation and sealing with commonly available hard- and software. In: STC 2007: Proceedings of the 2007 ACM workshop on Scalable trusted computing, pp. 50–57. ACM, New York (2007)
Chapter Google Scholar
Lampson, B., Abadi, M., Burrows, M., Wobber, E.: Authentication in distributed systems: theory and practice. ACM Trans. Comput. Syst. 10(4), 265–310 (1992)
Article Google Scholar
Loeser, J., England, P.: Para-virtualized tpm sharing. In: Proceedings of TRUST2008 (these proceedings), London, UK, Springer, Heidelberg (2008)
Google Scholar
Merkle, R.C.: A digital signature based on a conventional encryption function. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 369–378. Springer, Heidelberg (1988)
Google Scholar
Mitchell, C.: Trusted Computing (Professional Applications of Computing) (Professional Applications of Computing). IEE (2005)
Google Scholar
Pearson, S.: Trusted Computing Platforms: TCPA Technology in Context (HP Professional Series). Prentice Hall, Englewood Cliffs (2002)
Google Scholar
Sadeghi, A.-R., Stüble, C.: Property-based attestation for computing platforms: caring about properties, not mechanisms. In: NSPW 2004: Proceedings of the 2004 workshop on New security paradigms, pp. 67–77. ACM, New York (2004)
Google Scholar

Download references

Author information

Authors and Affiliations

Microsoft Corporation,
Paul England

Authors

Paul England
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Peter Lipp Ahmad-Reza Sadeghi Klaus-Michael Koch

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

England, P. (2008). Practical Techniques for Operating System Attestation. In: Lipp, P., Sadeghi, AR., Koch, KM. (eds) Trusted Computing - Challenges and Applications. Trust 2008. Lecture Notes in Computer Science, vol 4968. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-68979-9_1

Download citation

DOI: https://doi.org/10.1007/978-3-540-68979-9_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-68978-2
Online ISBN: 978-3-540-68979-9
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics