
A Signature Scheme for Distributed Executions Based on Control Flow Analysis

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 7053)

Abstract

This article proposes a dynamic and flexible signature scheme to verify at runtime the execution of a distributed program. Extending [20], the approach relies on the analysis of a trace that represents such an execution using a Control Flow Graph (CFG). This mechanism ensures the detection of flow faults that do not correspond to the CFG, i.e. that tamper with the normal run of the application. Most effects of malicious code injection commonly met on distributed computing platforms such as grids are covered by this approach. The execution engine used in our signature scheme is certified with the TPM-based Certification of a Remote Resource (TCRR) protocol [5].

Our approach has been implemented in KAAPI, a C++ middleware library to execute and schedule fine- or medium-grained programs on distributed platforms. The concrete validation on two parallel programs (Fibonacci and NQueens) reveals the scalability of the approach and its relatively low overhead.
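
The following C++ example is added here and is not taken from the paper or from KAAPI: it shows the basic check the abstract describes, replaying a recorded execution trace against a CFG and reporting the first transition that is not an edge of the graph. The block labels, `check_trace`, `sample_cfg` and the map-based CFG representation are assumptions made for the illustration; the paper's signature scheme itself is not reproduced.

```cpp
// Added illustration: not the paper's signature scheme and not KAAPI code.
#include <cstddef>
#include <iostream>
#include <map>
#include <set>
#include <string>
#include <vector>

// Assumed representation: basic-block label -> labels of permitted successors.
using Cfg = std::map<std::string, std::set<std::string>>;

enum class Verdict { Ok, EmptyTrace, BadEntry, IllegalEdge, BadExit };

struct Result {
    Verdict verdict;
    std::size_t index;  // trace position of the first fault (trace length if Ok)
};

// Replays a recorded trace of basic-block labels against the CFG and reports
// the first transition that the graph does not allow.
Result check_trace(const Cfg& cfg, const std::string& entry,
                   const std::string& exit_block,
                   const std::vector<std::string>& trace) {
    if (trace.empty()) return {Verdict::EmptyTrace, 0};
    if (trace.front() != entry) return {Verdict::BadEntry, 0};
    for (std::size_t i = 0; i + 1 < trace.size(); ++i) {
        auto node = cfg.find(trace[i]);
        // A block absent from the CFG has no legal successors.
        if (node == cfg.end() || node->second.count(trace[i + 1]) == 0)
            return {Verdict::IllegalEdge, i + 1};
    }
    if (trace.back() != exit_block)
        return {Verdict::BadExit, trace.size() - 1};
    return {Verdict::Ok, trace.size()};
}

// Constructed sample: a single loop, entry -> test -> (body -> test)* -> exit.
Cfg sample_cfg() {
    return {{"entry", {"test"}}, {"test", {"body", "exit"}},
            {"body", {"test"}}, {"exit", {}}};
}

int main() {
    const Cfg cfg = sample_cfg();
    // Constructed trace containing a block that is not in the CFG.
    Result r = check_trace(cfg, "entry", "exit", {"entry", "test", "injected", "exit"});
    std::cout << "fault at trace index " << r.index << "\n";
    return r.verdict == Verdict::IllegalEdge ? 0 : 1;
}
```

A trace that stops before the exit block is reported as `BadExit`, so a truncated execution is distinguished from one that takes a forbidden edge.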


References

  1. Abadi, M., Budiu, M., Erlingsson, Ú., Ligatti, J.: Control-flow integrity. In: CCS 2005: Proceedings of the 12th ACM Conference on Computer and Communications Security, pp. 340–353. ACM, New York (2005)

  2. Aleph1. Smashing the stack for fun and profit. Phrack (49) (1996), http://www.phrack.org/phrack/49/P49-14

  3. Allen, F.E.: Control flow analysis, 1–19 (July 1970)

  4. Bertholon, B., Varrette, S., Bouvry, P.: The TCRR protocol to certify a remote machine. Technical report, http://certicloud.gforge.uni.lu/

  5. Bertholon, B., Varrette, S., Bouvry, P.: CertiCloud: a novel TPM-based approach to ensure cloud IaaS security. In: Proc. of the 4th IEEE Intl. Conf. on Cloud Computing (CLOUD 2011), July 4–9, IEEE Computer Society, Washington DC (2011)

  6. Christodorescu, M., Jha, S., Seshia, S.A., Song, D., Bryant, R.E.: Semantics-aware malware detection. In: Proceedings of the 2005 IEEE Symposium on Security and Privacy (Oakland 2005), Oakland, CA, USA, pp. 32–46 (May 2005)

  7. Foster, I., Kesselman, C.: The Grid: Blueprint for a new Computing Infrastructure. Morgan Kaufman Publishers (1998)

  8. Gansner, E.R., Koutsofios, E., North, S.C., Vo, K.-P.: A technique for drawing directed graphs. IEEE Trans. Software Eng. 19(3), 214–230 (1993)

  9. Gautier, T., Besseron, X., Pigeon, L.: KAAPI: a Thread Scheduling Runtime System for Data Flow Computations on Cluster of Multi-Processors. In: Workshop on Parallel Symbolic Computation 2007 (PASCO 2007). ACM, London (2007)

  10. Haldar, V., Chandra, D., Franz, M.: Semantic remote attestation - virtual machine directed approach to trusted computing. In: Virtual Machine Research and Technology Symposium, pp. 29–41. USENIX (2004)

  11. Hoos, H.H., Stützle, T.: Stochastic Local Search: Foundations and Applications. Morgan Kaufmann (2005)

  12. Jafar, S., Krings, A., Gautier, T.: Flexible rollback recovery in dynamic heterogeneous grid computing. IEEE TDSC 6(1) (January 2009)

  13. Jafar, S., Varrette, S., Roch, J.-L.: Using Data-Flow Analysis for Resilience and Result Checking in Peer to Peer Computations. In: Proc. of the 1st Int. Workshop on Grid and Peer-to-Peer Computing Impacts on Large Scale Heterogeneous Distributed Database Systems (GLOBE 2004). IEEE Computer Society (September 2004)

  14. Kirovski, D., Drinić, M., Potkonjak, M.: Enabling trusted software integrity. In: ASPLOS-X: Proc. of the 10th Intl. Conf. on Architectural Support for Programming Languages and Operating Systems, pp. 108–120. ACM, New York (2002)

  15. McPeak, S., Necula, G.C.: Elkhound: A fast, practical GLR parser generator. In: Duesterwald, E. (ed.) CC 2004. LNCS, vol. 2985, pp. 73–88. Springer, Heidelberg (2004)

  16. Milenković, M., Milenković, A., Jovanov, E.: A framework for trusted instruction execution via basic block signature verification. In: ACM-SE 42: Proceedings of the 42nd Annual Southeast Regional Conference. ACM (2004)

  17. MOAIS Team. KAAPI (2005), http://kaapi.gforge.inria.fr/

  18. Molnar, D.: The SETI@Home Problem (November 2000), http://www.acm.org/crossroads/columns/onpatrol/september2000.html

  19. Necula, G.C., Lee, P.: Proof-Carrying Code. In: Proceedings of the ACM Symposium on Principles of Programming Languages, Paris, France (January 1997)

  20. Oh, N., Shirvani, P.P., Mccluskey, E.J.: Control-flow checking by software signatures. IEEE Transactions on Reliability 51, 111–122 (2002)

  21. Roch, J.-L., Varrette, S.: Probabilistic Certification of Divide & Conquer Algorithms on Global Computing Platforms. Application to Fault-Tolerant Exact Matrix-Vector Product. In: PPASCO 2007 (2007)

  22. Weimer, W., Liblit, B., Foster, J., McPeak, S., Wilkerson, D., Nichols, J.: Elsa: The Elkhound-based C/C++ Parser

  23. Stallman, R.M., et al.: Using GCC: The GNU Compiler Collection Ref Man. FSF (2005)

  24. Takaken. The NQueens Problem, http://www.ic-net.or.jp/home/takaken/e/queen/

  25. TCG. TCG Specification Architecture Overview – Rev 1.4. Technical report

  26. Varrette, S.: Sécurité des Architectures de Calcul Distribué: Authentification et Certification de Résultats. PhD thesis, INP Grenoble and Université du Luxembourg (September 2007) (in French)

  27. Varrette, S., Roch, J.-L., Duc, G., Keryell, R.: Building Secure Resources to Ensure Safe Computations in Distributed and Potentially Corrupted Environments. In: César, E., et al. (eds.) Euro-Par 2008. LNCS, vol. 5415, pp. 211–222. Springer, Heidelberg (2008)

  28. Viega, J.: Cloud computing and the common man (2009)

  29. Wagner, D., Dean, D.: Intrusion detection via static analysis. In: IEEE Symposium on Security and Privacy, pp. 156–168 (2001)

  30. Wagner, D., Soto, P.: Mimicry attacks on host-based intrusion detection systems. In: CCS 2002: Proceedings of the 9th ACM Conference on Computer and Communications Security, pp. 255–264. ACM, New York (2002)

Editor information

Pascal Bouvry, Mieczysław A. Kłopotek, Franck Leprévost, Małgorzata Marciniak, Agnieszka Mykowiecka, Henryk Rybiński

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Varrette, S., Bertholon, B., Bouvry, P. (2012). A Signature Scheme for Distributed Executions Based on Control Flow Analysis. In: Bouvry, P., Kłopotek, M.A., Leprévost, F., Marciniak, M., Mykowiecka, A., Rybiński, H. (eds) Security and Intelligent Information Systems. SIIS 2011. Lecture Notes in Computer Science, vol 7053. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25261-7_7

  • DOI: https://doi.org/10.1007/978-3-642-25261-7_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-25260-0

  • Online ISBN: 978-3-642-25261-7

  • eBook Packages: Computer Science, Computer Science (R0)
