SAConf: Semantic Attestation of Software Configurations

  • Conference paper
Autonomic and Trusted Computing (ATC 2009)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 5586)

Abstract

Remote attestation is one of the key functionalities provided by trusted platforms. Most current attestation approaches are based on cryptographic hash functions, which are appropriate to attest to relatively stable objects such as executables. However, they cannot effectively deal with software configurations that could have many (or even infinite) trusted variants and could also be modified at run-time. This paper proposes SAConf, a novel semantic attestation approach to attesting to software configurations. SAConf uses a list of constraints to represent the challenger’s trust policies, and verifies configurations based on semantic checks against the constraints, according to the semantic meanings of configurations rather than their hashes. An on-request measurement strategy is also added as a complement to the on-load strategy in order to capture potential modifications to configurations during execution. We implemented a prototype of SAConf and evaluations show that it could reduce the storage overhead from exponential to linear compared to hash-based approaches.
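The storage argument in the abstract, as an added example that is not code from the paper or the SAConf prototype: a hash-based verifier needs one digest per trusted variant of a configuration, while a constraint-based verifier needs one rule per option. The `Key Value` file format, the option names and the predicate form of the constraints are assumptions made for illustration.

```python
import hashlib
from itertools import product

# Constructed policy. Option names and the predicate form are assumptions,
# not SAConf's constraint syntax: one rule per option (linear in options).
CONSTRAINTS = {
    "PermitRootLogin": lambda v: v == "no",
    "Protocol": lambda v: v == "2",
    "MaxAuthTries": lambda v: v.isdigit() and 1 <= int(v) <= 6,
    "LogLevel": lambda v: v in {"INFO", "VERBOSE"},
}
# The same policy as explicit trusted values, needed to enumerate digests.
TRUSTED_VALUES = {
    "PermitRootLogin": ["no"],
    "Protocol": ["2"],
    "MaxAuthTries": [str(n) for n in range(1, 7)],
    "LogLevel": ["INFO", "VERBOSE"],
}
# Constructed sample configuration (comment and line order are arbitrary).
SAMPLE = "# constructed sample\nProtocol 2\nPermitRootLogin no\nLogLevel INFO\nMaxAuthTries 4\n"

def parse_config(text):
    """Parse 'Key Value' lines, ignoring blank lines and '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, _, value = line.partition(" ")
            conf[key] = value.strip()
    return conf

def semantic_verify(text, constraints=CONSTRAINTS):
    """Return the options that are missing or violate their constraint."""
    conf = parse_config(text)
    return [k for k, ok in constraints.items() if k not in conf or not ok(conf[k])]

def canonical(conf):
    """Serialize a parsed config with sorted keys and no comments."""
    return "".join(f"{k} {conf[k]}\n" for k in sorted(conf))

def digest(text):
    return hashlib.sha256(text.encode()).hexdigest()

def hash_allowlist(domains):
    """Hash-based policy: one digest per trusted combination of values."""
    keys = sorted(domains)
    return {digest(canonical(dict(zip(keys, combo))))
            for combo in product(*(domains[k] for k in keys))}
```

Here `hash_allowlist(TRUSTED_VALUES)` holds 12 digests against 4 constraints, and the count multiplies with every added option. `semantic_verify(SAMPLE)` returns an empty list, yet `digest(SAMPLE)` is not in the allowlist because the comment and line order change the bytes without changing the meaning.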

This research is supported by the National High Technology 863 Program of China under Grant No. 2007AA01Z462 and 2008AA01Z133, the National Basic Research Program of China (973) under Grant No. 2009CB320703, and the Science Fund for Creative Research Groups of China under Grant No. 60821003.




© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Wang, H., Guo, Y., Chen, X. (2009). SAConf: Semantic Attestation of Software Configurations. In: González Nieto, J., Reif, W., Wang, G., Indulska, J. (eds) Autonomic and Trusted Computing. ATC 2009. Lecture Notes in Computer Science, vol 5586. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-02704-8_10

  • DOI: https://doi.org/10.1007/978-3-642-02704-8_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-02703-1

  • Online ISBN: 978-3-642-02704-8

  • eBook Packages: Computer Science, Computer Science (R0)
