1,004 research outputs found
EmLog:Tamper-Resistant System Logging for Constrained Devices with TEEs
Remote mobile and embedded devices are used to deliver increasingly impactful
services, such as medical rehabilitation and assistive technologies. Secure
system logging is beneficial in these scenarios to aid audit and forensic
investigations particularly if devices bring harm to end-users. Logs should be
tamper-resistant in storage, during execution, and when retrieved by a trusted
remote verifier. In recent years, Trusted Execution Environments (TEEs) have
emerged as the go-to root of trust on constrained devices for isolated
execution of sensitive applications. Existing TEE-based logging systems,
however, focus largely on protecting server-side logs and offer little
protection to constrained source devices. In this paper, we introduce EmLog --
a tamper-resistant logging system for constrained devices using the
GlobalPlatform TEE. EmLog provides protection against complex software
adversaries and offers several additional security properties over past
schemes. The system is evaluated across three log datasets using an
off-the-shelf ARM development board running an open-source,
GlobalPlatform-compliant TEE. On average, EmLog runs with low run-time memory
overhead (1MB heap and stack), 430--625 logs/second throughput, and five-times
persistent storage overhead versus unprotected logs.Comment: Accepted at the 11th IFIP International Conference on Information
Security Theory and Practice (WISTP '17
- …