Skip to main content
SpringerLink
Log in

An Integrity Assurance Mechanism for Run-Time Programs

  • Conference paper
Book cover Information Security and Cryptology (Inscrypt 2008)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5487))

Included in the following conference series:

  • 746 Accesses

Abstract

To conquer the weakness of existing integrity measurement and verification mechanisms based on trusted computing technology, an integrity assurance mechanism for run-time programs is proposed in this paper. Based on a dynamic integrity measuring module, the proposed integrity assurance mechanism solves the difficulties that may be encountered when attesting to the integrity of running programs. The paper also describes the design and implementation details of the proposed module. An example of applying the proposed mechanism to protect the vTPM instances in Xen hypervisor is presented at last.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Garfinkel, T., Rosenblum, M., Boneh, D.: Flexible os support and applications for trusted computing. In: 9th conference on Hot Topics in Operating Systems, pp. 25–25. USENIX Association, Berkeley (2003)

    Google Scholar 

  2. Garfinkel, T., Pfaff, B., Chow, J., Rosenblum, M., Boneh, D.: Terra: a virtual machine-based platform for trusted computing. ACM SIGOPS Oper. Syst. Rev. 37(5), 193–206 (2003)

    Article  Google Scholar 

  3. TCG specification architecture overview revision 1.4, https://www.trustedcomputinggroup.org/specs/IWG

  4. Tpm main specification version 1.2 revision 103 part1&2&3, https://www.trustedcomputinggroup.org/specs/TPM/

  5. Sailer, R., Zhang, X., Jaeger, T., van Doorn, L.: Design and implementation of a tcg-based integrity measurement architecture. In: 13th conference on USENIX Security Symposium, pp. 223–238. USENIX Association, Berkeley (2004)

    Google Scholar 

  6. Jaeger, T., Sailer, R., Shankar, U.: Prima: policy-reduced integrity measurement architecture. In: 11th ACM symposium on Access control models and technologies, pp. 19–28. ACM Press, New York (2006)

    Google Scholar 

  7. National Institute of Standards and Technology: Secure Hash Standard (SHA-1). pp. 180–181. Federal Information Processing Standards Publication (1993)

    Google Scholar 

  8. Seshadri, A., Luk, M., Shi, E., Perrig, A., van Doorn, L., Khosla, P.: Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems. In: 20th ACM symposium on Operating systems principles, pp. 1–16. ACM Press, New York (2005)

    Google Scholar 

  9. Shi, E., Perrig, A., Doorn, L.V.: Bind: A fine-grained attestation service for secure distributed systems. In: 2005 IEEE Symposium on Security and Privacy, pp. 154–168. IEEE Press, Washington (2005)

    Chapter  Google Scholar 

  10. Goldberg, R.: Survey of Virtual Machine Research. IEEE Computer 7(6), 34–45 (1974)

    Article  Google Scholar 

  11. AMD Corporation: Secure virtual machine architecture reference manual. Technical report (2005)

    Google Scholar 

  12. Intel Corporation: Intel vanderpool technology for ia-32 processors(vt-x) preliminary specification. Technical Report, Intel C97063-001 (2005)

    Google Scholar 

  13. Barham, P., Dragovic, B., Fraser, K., Hand, S., Harris, T., Ho, A., Neugebauer, R., Pratt, I., Warfield, A.: Xen and the art of virtualization. ACM SIGOPS Oper. Syst. Rev. 37(5), 164–177 (2003)

    Article  Google Scholar 

  14. Berger, S., Cáceres, R., Goldman, K.A., Perez, R., Sailer, R., van Doorn, L.: vtpm: Virtualizing the trusted platform module. In: 15th conference on USENIX Security Symposium, pp. 305–320. USENIX Association, Berkeley (2006)

    Google Scholar 

  15. Brickell, E., Camenisch, J., Chen, L.: Direct anonymous attestation. In: 11th ACM conference on Computer and communications security, pp. 132–145. ACM Press, New York (2004)

    Google Scholar 

  16. Seshadri, A., Perrig, A., Doorn, L.V., Khosla, P.: Swatt: Software-based attestation for embedded devices. In: 2004 IEEE Symposium on Security and Privacy, pp. 272–282. IEEE Press, Washington (2004)

    Chapter  Google Scholar 

  17. Haldar, V., Chandra, D., Franz, M.: Semantic remote attestation: a virtual machine directed approach to trusted computing. In: 3rd conference on Virtual Machine Research And Technology Symposium, p. 3. USENIX Association, Berkeley (2004)

    Google Scholar 

  18. Sadeghi, A.R., Stuble, C.: Property-based attestation for computing platforms: caring about properties, not mechanisms. In: 2004 workshop on New security paradigms, pp. 67–77. ACM Press, New York (2004)

    Google Scholar 

  19. Sailer, R., Jaeger, T., Zhang, X., van Doorn, L.: Attestation-based policy enforcement for remote access. In: 11th ACM conference on Computer and communications security, pp. 308–317. ACM Press, New York (2004)

    Google Scholar 

  20. Shankar, U., Jaeger, T., Sailer, R.: Toward automated information-flow integrity verification for security-critical applications. In: 2006 ISOC Networked and Distributed Systems Security Symposium, San Diego (2006)

    Google Scholar 

  21. Maruyama, H., Seliger, F., Nagaratnam, N., Ebringer, T., Munetoh, S., Yoshihama, S., Nakamura, T.: Trusted platform on demand. Technical Report RT0564, IBM Tokyo Research Laboratory (2004)

    Google Scholar 

  22. Sandhu, R., Zhang, X.: Peer-to-peer access control architecture using trusted computing technology. In: 10th ACM symposium on Access control models and technologies, pp. 147–158. ACM Press, New York (2005)

    Google Scholar 

  23. Sandhu, R., Ranganathan, K., Zhang, X.: Secure information sharing enabled by trusted computing and pei models. In: 2006 ACM Symposium on Information, computer and communications security, pp. 2–12. ACM Press, New York (2006)

    Google Scholar 

  24. Zhang, X., Chen, S., Sandhu, R.: Enhancing data authenticity and integrity in p2p systems. IEEE Internet Computing 9(6), 42–49 (2005)

    Article  Google Scholar 

  25. Sailer, R., Jaeger, T., Valdez, E., Caceres, R., Perez, R., Berger, S., Griffin, J.L., van Doorn, L.: Building a mac-based security architecture for the xen open-source hypervisor. In: 21st Annual Computer Security Applications Conference, pp. 276–285. IEEE Press, Washington (2005)

    Chapter  Google Scholar 

  26. Zhang, X., Covington, M.J., Chen, S., Sandhu, R.: Securebus: towards applicationtransparent trusted computing with mandatory access control. In: 2nd ACM symposium on Information, computer and communications security, pp. 117–126. ACM Press, New York (2007)

    Google Scholar 

  27. Griffin, J., Jaeger, T., Perez, R., Sailer, R., van Doorn, L., Caceres, R.: Trusted virtual domains: Toward secure distributed services. In: 1st Workshop on Hot Topics in System Dependability (2005)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Institute of Software, Chinese Academy of Sciences, Beijing, 1000190, China

    Ziyao Xu, Yeping He & Lingli Deng

  2. Graduate School, Chinese Academy of Sciences, Beijing, 100049, China

    Ziyao Xu & Lingli Deng

Authors
  1. Ziyao Xu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yeping He
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Lingli Deng
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Computer Science Department, Google Inc. and Columbia University, Room 464, S.W. Mudd Building, 10027, New York, NY, USA

    Moti Yung

  2. College of Information Sciences and Technology, Pennsylvania State University, PA 16802, University Park, USA

    Peng Liu

  3. SKLOIS, Institute of Software, Chinese Academy of Sciences, 100080, Beijing, China

    Dongdai Lin

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Xu, Z., He, Y., Deng, L. (2009). An Integrity Assurance Mechanism for Run-Time Programs. In: Yung, M., Liu, P., Lin, D. (eds) Information Security and Cryptology. Inscrypt 2008. Lecture Notes in Computer Science, vol 5487. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01440-6_29

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-01440-6_29

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-01439-0

  • Online ISBN: 978-3-642-01440-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation