Abstract
Preserving integrity is one of the essential requirements in trusted computing. However, When it comes to system update, even with the state-of-the-art integrity management system such as OpenCIT cannot properly manage integrity. This is because the updates are not transparent to the remote attestation server and the integrity value is not updated according to the updates.
This paper presents Trust Update on Linux booting, TUX. TUX collaboratively manages the integrity along with the kernel update, so that the update is transparent to the attestation server. With TUX, we can successfully maintain trust for the managed machines, even with frequent OS kernel updates. Also, TUX guarantees robust verified and measured boot to safeguard the integrity of a system’s booting process.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
The Grub’s kernel loading command includes the version of the kernel.
References
Neus, D.: Rohde-schwarz-cybersecurity/trustedGRUB2: TPM enabled GRUB2 bootloader, June 2017. https://github.com/Rohde-Schwarz-Cybersecurity/TrustedGrub2
Futral, W., Greene, J.: Intel Trusted Execution Technology for Server Platforms: A Guide to More Secure Data Centers, 1st edn. Apress, Berkely (2013)
Sharkey, J.: Breaking hardware-enforced security with hypervisors. In: Black Hat USA (2016). https://www.blackhat.com/docs/us-16/materials/us-16-Sharkey-Breaking-Hardware-Enforced-Security-With-Hypervisors.pdf
Kleissner, P.: Stoned bootkit. Black Hat USA (2009). http://www.blackhat.com/presentations/bh-usa-09/KLEISSNER/BHUSA09-Kleissner-StonedBootkit-SLIDES.pdf
Kocher, P., et al.: Spectre attacks: exploiting speculative execution. ArXiv e-prints, January 2018
Lipp, M., et al.: Meltdown. ArXiv e-prints, January 2018
Sekletar, M.: Sbsigntool github. https://github.com/msekletar/sbsigntool
Microsoft: Protect your windows devices against spectre meltdown, April 2018. https://support.microsoft.com/ko-kr/help/4073757/protect-your-windows-devices/against-spectre-meltdown
Red Hat Bootloader Team: UEFI Shim loader. https://github.com/rhboot/Shim
Redhat: RHSA-2018:0093 - security advisory, January 2018. https://access.redhat.com/errata/RHSA-2018:0093
Savino, R.: Open cit 3.2.1 product guide. opencit/opencit wiki, February 2018. https://github.com/opencit/opencit/wiki/Open-CIT-3.2.1-Product-Guide
Stevens, M., Bursztein, E., Karpman, P., Albertini, A., Markov, Y.: The first collision for full SHA-1. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 570–596. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63688-7_19
Trusted Computing Group: TCG architecture overview, version 1.4, August 2007. https://trustedcomputinggroup.org/tcg-architecture-overview/version-1-4/. Accessed 02 July 2018
Trusted Computing Group: TPM main specification, October 2014. https://trustedcomputinggroup.org/tpm-main-specification/
UEFI: Unified extensible firmware interface specification, January 2016. http://www.uefi.org/sites/default/files/resources/UEFI%20Spec%202_6.pdf
Wei, J., Wang, S., Sun, N., Qiaowei, R.: Trusted boot—sourceforge.net. https://sourceforge.net/projects/tboot/
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Lee, S., Yoo, S. (2018). Tux: Trust Update on Linux Booting. In: Katsikas, S., Alcaraz, C. (eds) Security and Trust Management. STM 2018. Lecture Notes in Computer Science(), vol 11091. Springer, Cham. https://doi.org/10.1007/978-3-030-01141-3_7
Download citation
DOI: https://doi.org/10.1007/978-3-030-01141-3_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-01140-6
Online ISBN: 978-3-030-01141-3
eBook Packages: Computer ScienceComputer Science (R0)