1,274 research outputs found
ERASMUS: Efficient Remote Attestation via Self- Measurement for Unattended Settings
Remote attestation (RA) is a popular means of detecting malware in embedded
and IoT devices. RA is usually realized as an interactive protocol, whereby a
trusted party -- verifier -- measures integrity of a potentially compromised
remote device -- prover. Early work focused on purely software-based and fully
hardware-based techniques, neither of which is ideal for low-end devices. More
recent results have yielded hybrid (SW/HW) security architectures comprised of
a minimal set of features to support efficient and secure RA on low-end
devices.
All prior RA techniques require on-demand operation, i.e, RA is performed in
real time. We identify some drawbacks of this general approach in the context
of unattended devices: First, it fails to detect mobile malware that enters and
leaves the prover between successive RA instances. Second, it requires the
prover to engage in a potentially expensive (in terms of time and energy)
computation, which can be harmful for critical or real-time devices.
To address these drawbacks, we introduce the concept of self-measurement
where a prover device periodically (and securely) measures and records its own
software state, based on a pre-established schedule. A possibly untrusted
verifier occasionally collects and verifies these measurements. We present the
design of a concrete technique called ERASMUS : Efficient Remote Attestation
via Self-Measurement for Unattended Settings, justify its features and evaluate
its performance. In the process, we also define a new metric -- Quality of
Attestation (QoA). We argue that ERASMUS is well-suited for time-sensitive
and/or safety-critical applications that are not served well by on-demand RA.
Finally, we show that ERASMUS is a promising stepping stone towards handling
attestation of multiple devices (i.e., a group or swarm) with high mobility
Towards a Trustworthy Thin Terminal for Securing Enterprise Networks
Organizations have many employees that lack the technical knowledge to securely operate their machines. These users may open malicious email attachments/links or install unverified software such as P2P programs. These actions introduce significant risk to an organization\u27s network since they allow attackers to exploit the trust and access given to a client machine. However, system administrators currently lack the control of client machines needed to prevent these security risks. A possible solution to address this issue lies in attestation. With respect to computer science, attestation is the ability of a machine to prove its current state. This capability can be used by client machines to remotely attest to their state, which can be used by other machines in the network when making trust decisions. Previous research in this area has focused on the use of a static root of trust (RoT), requiring the use of a chain of trust over the entire software stack. We would argue this approach is limited in feasibility, because it requires an understanding and evaluation of the all the previous states of a machine. With the use of late launch, a dynamic root of trust introduced in the Trusted Platform Module (TPM) v1.2 specification, the required chain of trust is drastically shortened, minimizing the previous states of a machine that must be evaluated. This reduced chain of trust may allow a dynamic RoT to address the limitations of a static RoT. We are implementing a client terminal service that utilizes late launch to attest to its execution. Further, the minimal functional requirements of the service facilitate strong software verification. The goal in designing this service is not to increase the security of the network, but rather to push the functionality, and therefore the security risks and responsibilities, of client machines to the network€™s servers. In doing so, we create a platform that can more easily be administered by those individuals best equipped to do so with the expectation that this will lead to better security practices. Through the use of late launch and remote attestation in our terminal service, the system administrators have a strong guarantee the clients connecting to their system are secure and can therefore focus their efforts on securing the server architecture. This effectively addresses our motivating problem as it forces user actions to occur under the control of system administrators
TCG based approach for secure management of virtualized platforms: state-of-the-art
There is a strong trend shift in the favor of adopting virtualization to get business benefits. The provisioning of virtualized enterprise resources is one kind of many possible scenarios. Where virtualization promises clear advantages it also poses new security challenges which need to be addressed to gain stakeholders confidence in the dynamics of new environment. One important facet of these challenges is establishing 'Trust' which is a basic primitive for any viable business model. The Trusted computing group (TCG) offers technologies and mechanisms required to establish this trust in the target platforms. Moreover, TCG technologies enable protecting of sensitive data in rest and transit. This report explores the applicability of relevant TCG concepts to virtualize enterprise resources securely for provisioning, establish trust in the target platforms and securely manage these virtualized Trusted Platforms
Security and trust in a Network Functions Virtualisation Infrastructure
L'abstract è presente nell'allegato / the abstract is in the attachmen
Composite Enclaves: Towards Disaggregated Trusted Execution
The ever-rising computation demand is forcing the move from the CPU to
heterogeneous specialized hardware, which is readily available across modern
datacenters through disaggregated infrastructure. On the other hand, trusted
execution environments (TEEs), one of the most promising recent developments in
hardware security, can only protect code confined in the CPU, limiting TEEs'
potential and applicability to a handful of applications. We observe that the
TEEs' hardware trusted computing base (TCB) is fixed at design time, which in
practice leads to using untrusted software to employ peripherals in TEEs. Based
on this observation, we propose \emph{composite enclaves} with a configurable
hardware and software TCB, allowing enclaves access to multiple computing and
IO resources. Finally, we present two case studies of composite enclaves: i) an
FPGA platform based on RISC-V Keystone connected to emulated peripherals and
sensors, and ii) a large-scale accelerator. These case studies showcase a
flexible but small TCB (2.5 KLoC for IO peripherals and drivers), with a
low-performance overhead (only around 220 additional cycles for a context
switch), thus demonstrating the feasibility of our approach and showing that it
can work with a wide range of specialized hardware
Evaluating software verification systems: benchmarks and competitions
This report documents the program and the outcomes of Dagstuhl Seminar 14171 “Evaluating Software Verification Systems: Benchmarks and Competitions”. The seminar brought together a large group of current and future competition organizers and participants, benchmark maintainers, as well as practitioners and researchers interested in the topic. The seminar was conducted as a highly interactive event, with a wide spectrum of contributions from participants, including talks, tutorials, posters, tool demonstrations, hands-on sessions, and a live competition
Klever: Verification Framework for Critical Industrial C Programs
Automatic software verification tools help to find hard-to-detect faults in
programs checked against specified requirements non-interactively. Besides,
they can prove program correctness formally under certain assumptions. These
capabilities are vital for verification of critical industrial programs like
operating system kernels and embedded software. However, such programs can
contain hundreds or thousands of KLOC that prevent obtaining valuable
verification results in any reasonable time when checking non-trivial
requirements. Also, existing tools do not provide widely adopted means for
environment modeling, specification of requirements, verification of many
versions and configurations of target programs, and expert assessment of
verification results. In this paper, we present the Klever software
verification framework, designed to reduce the effort of applying automatic
software verification tools to large and critical industrial C programs.Comment: 53 page
- …