Abstract
A major challenge in software security is preserving software integrity. Traditionally this problem is addressed through the development of software (self-) checking techniques that verify the integrity of its code and execution. Unfortunately no satisfactory solutions for run-time verification of software integrity have been presented. In this paper, we approach the problem of run-time software integrity verification in a networked context. That is, we present techniques to enable remote verification of the execution of software, given the availability of a continuous network connection between the verification entity and the untrusted execution platform.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
David Aucsmith “Tamper Resistant Software: An Implementation”, In Information Hiding 1996.
Jean-Daniel Aussel, Jerome d’Annoville, “Smart Cards and remote entrusting”, in proceedings of The Future of Trust in Computing, 2nd conference, Berlin, Germany, June 30-July 2, 2008.
M. Baldi, Y. Ofek, M. Young, “Idiosyncratic Signatures for Authenticated Execution of Management Code”, 14th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management (DSOM 2003), Heidelberg, Germany, Oct. 2003.
Cataldo Basile, Stefano Di Carlo, Thomas Herlea, Jasvir Nagra, and Brecht Wyseur. “Towards a Formal Model for Software Tamper Resistance”. Work in progress, 16 pages, 2009.
Boris Balacheff, Liqun Chen, Siani Pearson, David Plaquin, Graeme Proudler, “Trusted Computing Platforms: TCPA Technology in Context”, Prentice Hall, 2002.
Jan Cappaert, Bart Preneel, Bertrand Anckaert, Matias Madou, and Koen De Bosschere, “Towards Tamper Resistant Code Encryption: Practice and Experience”, In Information Security Practice and Experience, 4th International Conference, ISPEC 2008, Lecture Notes in Computer Science 4991, L. Chen, Y Mu, and W Susilo (eds.), Springer-Verlag, pp. 86-100, 2008.
Mariano Ceccato, Mila Dalla Preda, Anirban Majumdar, Paolo Tonella. “Remote software protection by orthogonal client replacement”. In Proceedings of the 24th ACM Symposium on Applied Computing. ACM, March 2009
K. Compton and S. Hauck, “Reconfigurable computing: A survey of systems and software,” ACM Computing Surveys, vol. 34, no. 2, pp. 171–210, 2002.
Jonathon T Giffm, Mihai Christodorescu, and Louis Kruger. "Strengthening Software Self-Checksum-ming via Self-Modifying Code,” In Proceedings of the 21st Annual Computer Security Applications Conference (ACSAC 2005), pages 23-32, Washington, DC, USA, 2005. IEEE Computer Society.
Bill Horne, Lesley R. Matheson, Casey Sheehan, and Robert Endre Tarjan. “Dynamic self-checking techniques for improved tamper resistance.” In DRM ’01: Revised Papers from the ACM CCS-8 Workshop on Security and Privacy in Digital Rights Management, pages 141-159, London, UK, 2002. Springer-Verlag.
Paul C. Van Oorschot, Anil Somayaji, and Glenn Wurster. “Hardware-Assisted Circumvention of Self-Hashing Software Tamper Resistance,” In IEEE Transactions on Dependable and Secure Computing, 2(2), pp. 82-92, 2005.
G. Picco, “Understanding code mobility,” in Proceedings of the 2000 International Conference on Software Engineering, 2000., 2000, pp. 834–834.
Vaclav T Rajlich and Keith H. Bennett. “A Staged Model for the Software Life Cycle”. IEEE Software, 33(7):66–71, July 2000.
Amitabh Saxena, Brecht Wyseur, and Bart Preneel, “Towards Security Notions for White-Box Cryptography,” In Information Security – 12th International Conference, ISC 2009, Lecture Notes in Computer Science, Springer-Verlag, 18 pages, 2009.
Dries Schellekens, Brecht Wyseur, and Bart Preneel, “Remote Attestation on Legacy Operating Systems with Trusted Platform Modules,”. in Science of Computer Programming 74(1-2), pp. 13-22, 2008.
Arvind Seshadri, Mark Luk, Elaine Shi, Adrian Perrig, Leendert van Doorn, and Pradeep K. Khosla. “Pioneer: Verifying Code Integrity and Enforcing Untampered Code Execution on Legacy Systems,” in Proceedings of the 20th ACM Symposium on Operating Systems Principles 2005 (SOSP 2005), pages 1–16. ACM Press, 2005.
Claes Wohlin, Per Runeson, Martin Höst, Magnus C. Ohlsson, Bjöorn Regnell, Anders Wesslén. “Experimentation in Software Engineering: an Introduction”. The Kluwer International Series In Software Engineering, 2000.
Brecht Wyseur, “White-Box Cryptography,” PhD thesis, Katholieke Universiteit Leuven, Bart Preneel (promotor), 169+32 pages, 2009.
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2010 Vieweg+Teubner | GWV Fachverlage GmbH
About this chapter
Cite this chapter
Wyseur, B. (2010). RE-TRUST: Trustworthy Execution of SW on Remote Untrusted Platforms. In: Pohlmann, N., Reimer, H., Schneider, W. (eds) ISSE 2009 Securing Electronic Business Processes. Vieweg+Teubner. https://doi.org/10.1007/978-3-8348-9363-5_33
Download citation
DOI: https://doi.org/10.1007/978-3-8348-9363-5_33
Publisher Name: Vieweg+Teubner
Print ISBN: 978-3-8348-0958-2
Online ISBN: 978-3-8348-9363-5
eBook Packages: Computer ScienceComputer Science (R0)