Expanding an Operating System’s Working Space with a New Mode to Support Trust Measurement

  • Chenglong Wei
  • Wenchang Shi
  • Bo Qin
  • Bin Liang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9065)


Integrity measurement for operating systems (OS) is of practical significance. To make a measurement trustworthy, it is essential to protect the Integrity Measurement Mechanism (IMM) itself, yet much remains to be done on this front. This paper takes a step toward that goal. First, it introduces the concept of a trust mode, which expands the working space of an OS from two modes (user mode and kernel mode) to three (user mode, kernel mode and trust mode). The trust mode has the highest privilege level, and the Core Measurement Mechanism (CMM) of the OS executes in it. The CMM is in charge of measuring the IMM, which runs in kernel mode, so even if the OS kernel is compromised the CMM continues to work without interference. The paper then proposes an approach to building the trust mode and develops a prototype that implements it by fully exploiting the capabilities of modern hardware.
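The measurement chain the abstract describes, modelled as an added example (constructed here, not the paper's prototype code): a trust-mode CMM measures the kernel-mode IMM, the IMM measures a user-mode program, and hardware enforcement is reduced to a privilege-level check on writes. Region names, code images and the hash-comparison logic are assumptions for illustration; the scenario shows that kernel-mode code can alter the IMM but not the CMM, and that the CMM then refuses to trust the IMM's verdict.

```python
import hashlib
from dataclasses import dataclass, field

USER, KERNEL, TRUST = 0, 1, 2  # tri-mode privilege levels, higher = more privileged

@dataclass
class Region:
    name: str
    level: int        # mode that owns this memory
    image: bytearray  # code image that gets measured

def write(region, actor_level, offset, data):
    """Hardware-style rule: only an equal-or-higher mode may write a region."""
    if actor_level < region.level:
        return False
    region.image[offset:offset + len(data)] = data
    return True
def measure(image):
    return hashlib.sha256(bytes(image)).hexdigest()

@dataclass
class Platform:
    cmm: Region   # Core Measurement Mechanism, runs in trust mode
    imm: Region   # Integrity Measurement Mechanism, runs in kernel mode
    app: Region   # a measured user-mode program
    golden: dict = field(default_factory=dict)  # reference hashes held in trust mode

    def enroll(self):
        self.golden = {r.name: measure(r.image) for r in (self.imm, self.app)}

    def verify(self):
        imm_ok = measure(self.imm.image) == self.golden["imm"]  # CMM measures IMM
        app_ok = measure(self.app.image) == self.golden["app"]  # IMM measures app
        # The IMM's verdict only counts if the CMM has just vouched for the IMM.
        return {"imm_ok": imm_ok, "app_ok": app_ok, "trusted": imm_ok and app_ok}

def build():
    p = Platform(Region("cmm", TRUST, bytearray(b"cmm-code-v1")),     # constructed images
                 Region("imm", KERNEL, bytearray(b"imm-code-v1")),
                 Region("app", USER, bytearray(b"app-code-v1")))
    p.enroll()
    return p

def compromised_kernel_scenario():
    """Kernel-mode code patches the IMM (allowed) and tries to patch the CMM."""
    p = build()
    imm_patched = write(p.imm, KERNEL, 0, b"evil")
    cmm_patched = write(p.cmm, KERNEL, 0, b"evil")
    return imm_patched, cmm_patched, p.verify()
```

In the scenario the patched IMM still reports the application as intact, but because the CMM's measurement of the IMM fails, the overall result is untrusted.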


Keywords: Tri-mode Operating System, Trust Mode, Integrity Measurement Mechanism Protection, Hardware Virtualization, Code Measurement





Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Chenglong Wei
  • Wenchang Shi
  • Bo Qin
  • Bin Liang

All authors: School of Information, Renmin University of China, Beijing, China