Abstract
Attestation of node integrity increases the security of overlay networks by detecting and removing nodes affected by malware. This is fundamental because, in an overlay, even a single node running malware can greatly decrease the security of the whole overlay. Virtual Integrity Measurement System (VIMS) is a semantic attestation-based framework that determines whether a node can join an overlay according to both its configuration and its current behavior. VIMS fully exploits virtualization by running two virtual machines (VMs) on every overlay node: the Monitored VM (Mon-VM), which runs the overlay application, and the Assurance VM (A-VM), which checks the integrity of the Mon-VM. Before a node is allowed to join an overlay, some overlay nodes interact with the node's A-VM to attest the integrity of the applications and of the OS of the node's Mon-VM. After this start-up attestation, and for as long as the node belongs to the overlay, the A-VM continuously checks the integrity of the Mon-VM to discover anomalies due to attacks. As soon as any check fails, the node is disconnected from the overlay. The security policy of the overlay defines the complexity and the execution frequency of the checks. The complexity ranges from integrity checks on the code of the application and of the OS to detailed monitoring of the application's behavior through introspection. VIMS supports mutual trust because any node of an overlay can assess the integrity of any other node.
The paper presents the architecture of VIMS, its application to P2P and VPN overlays and a preliminary evaluation of the corresponding overhead.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Baiardi, F., Sgandurra, D. (2010). Semantic Attestation of Node Integrity in Overlays. In: Meersman, R., Dillon, T., Herrero, P. (eds) On the Move to Meaningful Internet Systems: OTM 2010. OTM 2010. Lecture Notes in Computer Science, vol 6426. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16934-2_48
DOI: https://doi.org/10.1007/978-3-642-16934-2_48
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-16933-5
Online ISBN: 978-3-642-16934-2
eBook Packages: Computer Science (R0)