Abstract
This paper describes three practical techniques for authenticating the code and other execution state of an operating system using the services of the TPM and a hypervisor. The techniques trade off detailed reporting of the OS code and configuration with the manageability and comprehensibility of reported configurations. Such trade-offs are essential because of the complexity and diversity of modern general purpose operating systems makes simple code authentication schemes using code hashes or certificates infeasible.
Keywords
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Specifications are available on the TCG web site, http://www.trustedcomputinggroup.org
Microft Online Crash Analysis data
Arbaugh, W., Farber, D., Smith, J.: A secure and reliable bootstrap architecture (1997)
Chen, L., Landfermann, R., Lohr, M., Rohe, A.S., Stuble, C.: A protocol for property-based attestation. In: STC 2006: Proceedings of the first ACM workshop on Scalable trusted computing, pp. 7–16. ACM, New York (2006)
England, P., Lampson, B., Manferdelli, J., Peinado, M., Willman, B.: A trusted open platform. Computer 36(7), 55–62 (2003)
England, P., Peinado, M.: Authenticated operation of open computing devices. In: Batten, L.M., Seberry, J. (eds.) ACISP 2002. LNCS, vol. 2384, pp. 346–361. Springer, Heidelberg (2002)
Franklin, M., Mitcham, K., Smith, S.W., Stabiner, J., Wild, O.: Ca-in-a-box. In: EuroPKI: Lecture notes in computer science, pp. 180–190 (2005)
Garfinkel, T., Pfaff, B., Chow, J., Rosenblum, M., Boneh, D.: Terra: a virtual machine-based platform for trusted computing. In: SOSP 2003: Proceedings of the nineteenth ACM symposium on Operating systems principles, pp. 193–206. ACM, New York (2003)
Grawrock, D.: The Intel Safer Computing Initiative. Intel Press (2006)
Haldar, V., Chandra, D., Franz, M.: Semantic remote attestation: a virtual machine directed approach to trusted computing. In: VM 2004: Proceedings of the 3rd conference on Virtual Machine Research And Technology Symposium, Berkeley, CA, USA, p. 3. USENIX Association (2004)
Kallahalla, M., Riedel, E., Swaminathan, R., Wang, Q., Fu, K.: Plutus: Scalable secure file sharing on untrusted storage. In: FAST 2003: Proceedings of the 2nd USENIX Conference on File and Storage Technologies, Berkeley, CA, USA, pp. 29–42. USENIX Association (2003)
Karger, P.A., Zurko, M.E., Bonin, D.W., Mason, A.H., Kahn, C.E.: A retrospective on the vax vmm security kernel. IEEE Trans. Softw. Eng. 17(11), 1147–1165 (1991)
Kauer, B.: Oslo: Improving the security of trusted computing. In: Proceedings of the 16th USENIX Security Symposium (2007)
Kühn, U., Selhorst, M., Stüble, C.: Realizing property-based attestation and sealing with commonly available hard- and software. In: STC 2007: Proceedings of the 2007 ACM workshop on Scalable trusted computing, pp. 50–57. ACM, New York (2007)
Lampson, B., Abadi, M., Burrows, M., Wobber, E.: Authentication in distributed systems: theory and practice. ACM Trans. Comput. Syst. 10(4), 265–310 (1992)
Loeser, J., England, P.: Para-virtualized tpm sharing. In: Proceedings of TRUST2008 (these proceedings), London, UK, Springer, Heidelberg (2008)
Merkle, R.C.: A digital signature based on a conventional encryption function. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 369–378. Springer, Heidelberg (1988)
Mitchell, C.: Trusted Computing (Professional Applications of Computing) (Professional Applications of Computing). IEE (2005)
Pearson, S.: Trusted Computing Platforms: TCPA Technology in Context (HP Professional Series). Prentice Hall, Englewood Cliffs (2002)
Sadeghi, A.-R., Stüble, C.: Property-based attestation for computing platforms: caring about properties, not mechanisms. In: NSPW 2004: Proceedings of the 2004 workshop on New security paradigms, pp. 67–77. ACM, New York (2004)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
England, P. (2008). Practical Techniques for Operating System Attestation. In: Lipp, P., Sadeghi, AR., Koch, KM. (eds) Trusted Computing - Challenges and Applications. Trust 2008. Lecture Notes in Computer Science, vol 4968. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-68979-9_1
Download citation
DOI: https://doi.org/10.1007/978-3-540-68979-9_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-68978-2
Online ISBN: 978-3-540-68979-9
eBook Packages: Computer ScienceComputer Science (R0)