Authentic Execution of Distributed Event-Driven Applications with a Small TCB

  • Job Noorman
  • Jan Tobias MühlbergEmail author
  • Frank Piessens
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10547)


This paper presents an approach to provide strong assurance of the secure execution of distributed event-driven applications on shared infrastructures, while relying on a small Trusted Computing Base. We build upon and extend security primitives provided by a Protected Module Architecture (PMA) to guarantee authenticity and integrity properties of applications, and to secure control of input and output devices used by these applications. More specifically, we want to guarantee that if an output is produced by the application, it was allowed to be produced by the application’s source code. We present a prototype implementation as an extension of Sancus, a light-weight embedded PMA that extends the TI MSP430 CPU. Our evaluation of the security and performance aspects of our approach and the prototype show that PMAs together with our programming model form a basis for powerful security architectures for dependable systems in domains such as Industrial Control Systems, the Internet of Things or Wireless Sensor Networks.



This research is partially funded by the Research Fund KU Leuven.


  1. 1.
    Abadi, M.: Protection in programming-language translations. In: Vitek, J., Jensen, C.D. (eds.) Secure Internet Programming. LNCS, vol. 1603, pp. 19–34. Springer, Heidelberg (1999). doi: 10.1007/3-540-48749-2_2 CrossRefGoogle Scholar
  2. 2.
    Agten, P., Strackx, R., Jacobs, B., and Piessens, F.: Secure compilation to modern processors. In: CSF, pp. 171–185. IEEE (2012)Google Scholar
  3. 3.
    Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Duplexing the sponge: single-pass authenticated encryption and other applications. In: Miri, A., Vaudenay, S. (eds.) SAC 2011. LNCS, vol. 7118, pp. 320–337. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-28496-0_19 CrossRefGoogle Scholar
  4. 4.
    Bogdanov, A., Knezevic, M., Leander, G., Toz, D., Varici, K., Verbauwhede, I.: The design space of lightweight cryptographic hashing. IEEE Trans. Comput. 99(PrePrints), 1 (2012)zbMATHGoogle Scholar
  5. 5.
    Dolev, D., Yao, A.C.: On the security of public key protocols. In: SFCS, pp. 350–357. IEEE (1981)Google Scholar
  6. 6.
    Dunkels, A., Gronvall, B., Voigt, T.: Contiki - a lightweight and flexible operating system for tiny networked sensors. In: Local Computer Networks, pp. 455–462. IEEE (2004)Google Scholar
  7. 7.
    Fernandez-Gago, M., Roman, R., Lopez, J.: A survey on the applicability of trust management systems for wireless sensor networks. In: SECPerU, pp. 25–30 (2007)Google Scholar
  8. 8.
    Maene, P., Götzfried, J., de Clercq, R., Müller, T., Freiling, F., Verbauwhede, I.: Hardware-based trusted computing architectures for isolation and attestation. IEEE Trans. Comput. (99), 1–14 (2017).
  9. 9.
    McCune, J.M., Parno, B.J., Perrig, A., Reiter, M.K., Isozaki, H.F.: An execution infrastructure for TCB minimization. In: Eurosys, pp. 315–328. ACM (2008)Google Scholar
  10. 10.
    McCune, J.M., Perrig, A., Reiter, M.K.: Bump in the ether: a framework for securing sensitive user input. In: ATEC, USENIX (2006)Google Scholar
  11. 11.
    McCune, J.M., Perrig, A., Reiter, M.K.: Safe passage for passwords and other sensitive data. In: NDSS (2009)Google Scholar
  12. 12.
    Mühlberg, J.T., Cleemput, S., Mustafa, M.A., Van Bulck, J., Preneel, B., Piessens, F.: An implementation of a high assurance smart meter using protected module architectures. In: Foresti, S., Lopez, J. (eds.) WISTP 2016. LNCS, vol. 9895, pp. 53–69. Springer, Cham (2016). doi: 10.1007/978-3-319-45931-8_4 CrossRefGoogle Scholar
  13. 13.
    Mühlberg, J.T., Noorman, J., Piessens, F.: Lightweight and flexible trust assessment modules for the internet of things. In: Pernul, G., Ryan, P.Y.A., Weippl, E. (eds.) ESORICS 2015. LNCS, vol. 9326, pp. 503–520. Springer, Cham (2015). doi: 10.1007/978-3-319-24174-6_26 CrossRefGoogle Scholar
  14. 14.
    Noorman, J., Agten, P., Daniels, W., Strackx, R., Van Herrewege, A., Huygens,C., Preneel, B., Verbauwhede, I., Piessens, F.: Sancus: low-cost trustworthyextensible networked devices with a zero-software trusted computing base. In: USENIX Security Symposium, pp. 479–494. USENIX (2013)Google Scholar
  15. 15.
    Schuster, F., Costa, M., Fournet, C., Gkantsidis, C., Peinado, M., Mainar-Ruiz, G., and Russinovich, M. VC3: trustworthy data analytics in the cloud using SGX. In: Symposium on S&P, pp. 38–54. IEEE (2015)Google Scholar
  16. 16.
    Strackx, R., Noorman, J., Verbauwhede, I., Preneel, B., Piessens, F.: Protected software module architectures. In: Reimer, H., Pohlmann, N., Schneider, W. (eds.) ISSE 2013 Securing Electronic Business Processes, pp. 241–251. Springer, Wiesbaden (2013). doi: 10.1007/978-3-658-03371-2_21 CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Job Noorman
    • 1
  • Jan Tobias Mühlberg
    • 1
    Email author
  • Frank Piessens
    • 1
  1. 1.imec-DistriNetKU LeuvenLeuvenBelgium

Personalised recommendations