Abstract
A program is a compound of various subroutines playing different roles. In this paper, we study how to attest the execution of those mission-critical subroutines whose execution is the basis to establish trust. Our results include a new attestation scheme called function attestation. Given a function F of a program \(\mathcal{P}\), the proposed scheme allows for an efficient and secure attestation by using the debug facility of processors and building a trust chain rooted at TPM. Our scheme is lightweight and easy to deploy. It can also be easily extended to support multiple-threaded programs and data flow attestation with slightly more overhead.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Chen, L., Landfermann, R., Löhr, H., Rohe, M., Sadeghi, A.-R., Stüble, C.: A protocol for property-based attestation. In: STC 2006: Proceedings of the First ACM Workshop on Scalable Trusted Computing, pp. 7–16. ACM Press, New York (2006)
Garfinkel, T., Pfaff, B., Chow, J., Rosenblum, M., Boneh, D.: Terra a virtual machine-based platform for trusted computing. In: SOSP 2003, Bolton Landing, New York, USA (October 2003)
Gu, L., Ding, X., Deng, R.H., Xie, B., Mei, H.: Remote attestation on program execution. In: Xu, S., Nita-Rotaru, C., Seifert, J.-P. (eds.) Proceedings of the 3rd ACM Workshop on Scalable Trusted Computing, STC 2008, Alexandria, VA, USA, October 31, pp. 11–20. ACM, New York (2008)
Haldar, V., Chandra, D., Franz, M.: Semantic remote attestation—a virtual machine directed approach to trusted computing. In: The Third virtual Machine Research and Technology Symposium (VM 2004). USENIX (2004)
Intel Corporation. Intel IA-64 Architecture Software Developer’s Manual: Volume 1: IA-64 Application Architecture. Intel Corporation, pub-INTEL:adr (January 2000)
Intel Corporation. Intel IA-64 Architecture Software Developer’s Manual: Volume 4: Itanium Processor Programmer’s Guide. Intel Corporation, pub-INTEL:adr (January 2000)
Jaeger, T., Sailer, R., Shankar, U.: PRIMA: policy-reduced integrity measurement architecture. In: SACMAT 2006: Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies, pp. 19–28. ACM Press, New York (2006)
Jaeger, T., Sailer, R., Shankar, U.: PRIMA: policy-reduced integrity measurement architecture. In: SACMAT 2006: Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies, pp. 19–28. ACM Press, New York (2006)
McCune, J.M., Parno, B., Perrig, A., Reiter, M.K., Isozaki, H.: Flicker: an execution infrastructure for tcb minimization. In: Sventek, J.S., Hand, S. (eds.) Proceedings of the 2008 EuroSys Conference, Glasgow, Scotland, UK, April 1-4, pp. 315–328. ACM, New York (2008)
Poritz, J., Schunter, M., Van Herreweghen, E., Waidner, M.: Property attestation—scalable and privacy-friendly security assessment of peer computers. Technical report, IBM Research Report RZ 3548 (2004)
Sadeghi, A.-R., Stble, C.: Property-based attestation for computing platforms: caring about properties, not mechanisms. In: New Security Paradigms (2004)
Sailer, R., Jaeger, T., Zhang, X., van Doorn, L.: Attestation-based policy enforcement for remote access. In: CCS 2004, Washington, DC, USA, October 25-29 (2004)
Sailer, R., Zhang, X., Jaeger, T., van Doorn, L.: Design and implementation of a tcg-based integrity measurement architecture. In: Proceedings of the 13th USENIX Security Symposium, San Diego, CA, USA (August 2004)
Shi, E., Perrig, A., Van Doorn, L.: Bind: A fine-grained attestation service for secure distributed systems. In: 2005 IEEE Symposium on Security and Privacy (2005)
Trusted Computing Group. Trusted platform module main specification (October 2003), http://www.trustedcomputinggroup.org
Wright, C., Cowan, C., Smalley, S., Morris, J., Kroah-Hartman, G.: Linux Security Modules: General security support for the Linux kernel. In: Proceedings of the 11th USENIX Security Symposium, USENIX (August 2002)
Li, X.-Y., Shen, C.-X., Zuo, X.-D.: An efficient attestation for trustworthiness of computing platform. In: Proceedings of the 2006 International Conference on Intelligent Information Hiding and Multimedia Signal Processing, IIH-MSP 2006 (2006)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Gu, L., Cheng, Y., Ding, X., Deng, R.H., Guo, Y., Shao, W. (2010). Remote Attestation on Function Execution (Work-in-Progress). In: Chen, L., Yung, M. (eds) Trusted Systems. INTRUST 2009. Lecture Notes in Computer Science, vol 6163. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14597-1_4
Download citation
DOI: https://doi.org/10.1007/978-3-642-14597-1_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-14596-4
Online ISBN: 978-3-642-14597-1
eBook Packages: Computer ScienceComputer Science (R0)