A security framework for the analysis and design of software attestation

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2013, Pages 1-12

  Armknecht, Frederik ^a   Sadeghi, Ahmad Reza ^b   Schulz, Steffen ^c   Wachsmann, Christian ^b  

^a UNIVERSITY OF MANNHEIM   (Germany)

^b DARMSTADT UNIVERSITY OF TECHNOLOGY   (Germany)

^c INTEL CORPORATION   (United States)

Author keywords

keyless crypto; security framework; software attestation

Indexed keywords

DESIGN AND ANALYSIS; DESIGN OF SOFTWARES; GENERIC SOFTWARES; KEYLESS CRYPTO; SECURITY ANALYSIS; SECURITY FRAMEWORKS; SIDE-CHANNEL INFORMATION; SOFTWARE INTEGRITY;

COMPUTER SOFTWARE; CRYPTOGRAPHY; DESIGN;

SECURITY OF DATA;

EID: 84889015000     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2508859.2516650     Document Type: Conference Paper

References (32)

1. T. AbuHmed, N. Nyamaa, and D. Nyang. Software-based remote code attestation in wireless sensor network. In Global Telecommunications (GLOBECOM). IEEE, 2009.
2. Atmel. tinyAVR homepage. http://www.atmel.com/tinyavr/, 2013.
3. C. Castelluccia, A. Francillon, D. Perito, and C. Soriente. On the difficulty of software-based attestation of embedded devices. In Computer and Communications Security (CCS). ACM, 2009.
4. A. Datta, J. Franklin, D. Garg, and D. Kaynar. A logic of secure systems and its application to trusted computing. In Security and Privacy, 2009 30th IEEE Symposium on, 2009.
5. K. E. Defrawy, A. Francillon, D. Perito, and G. Tsudik. SMART: Secure and minimal architecture for (establishing a dynamic) root of trust. In Network and Distributed System Security Symposium (NDSS). Internet Society, 2012.
6. C. Dwork and M. Naor. Pricing via processing or combatting junk mail. In Advances in Cryptology - CRYPTO. Springer, 1993.
7. C. Dwork, M. Naor, and H. Wee. Pebbling and proofs of work. In Advances in Cryptology - CRYPTO. Springer, 2005.
8. A. Francillon, Q. Nguyen, K. B. Rasmussen, and G. Tsudik. Systematic treatment of remote attestation. Cryptology ePrint Archive, Report 2012/713, 2012. http://eprint.iacr.org/.
9. J. Franklin, M. Luk, A. Seshadri, and A. Perrig. PRISM: Human-verifieable code execution. Technical report, Carnegie Mellon University, 2007.
10. R. W. Gardner, S. Garera, and A. D. Rubin. Detecting code alteration by creating a temporary memory bottleneck. Trans. Info. For. Sec., 4(4):638-650, 2009.
11. J. T. Giffin, M. Christodorescu, and L. Kruger. Strengthening software self-checksumming via self-modifying code. In Annual Computer Security Applications Conference (ACSAC). IEEE, 2005.
12. V. Graizer and D. Naccache. Alien vs. Quine. Security Privacy, IEEE, 5(2):26-31, 2007.
13. V. Gratzer and D. Naccache. Alien vs. Quine, the vanishing circuit and other tales from the industry's crypt. In Advances in Cryptology - EUROCRYPT. Springer, 2007. Invited Talk.
14. M. Jakobsson and K.-A. Johansson. Retroactive Detection of Malware With Applications to Mobile Platforms. In Workshop on Hot Topics in Security (HotSec). USENIX, 2010.
15. R. Kennell and L. H. Jamieson. Establishing the genuinity of remote computer systems. In USENIX Security Symposium. USENIX, 2003.
16. X. Kovah, C. Kallenberg, C. Weathers, A. Herzog, M. Albin, and J. Butterworth. New results for Timing-Based attestation. In Security and Privacy (S&P). IEEE, 2012.
17. Y. Li, J. M. McCune, and A. Perrig. VIPER: verifying the integrity of PERipherals' firmware. In Computer and Communications Security (CCS). ACM, 2011.
18. B. Parno, J. M. McCune, and A. Perrig. Bootstrapping Trust in Commodity Computers. In Security and Privacy (S&P). IEEE, 2010.
19. A.-R. Sadeghi, S. Schulz, and C. Wachsmann. Lightweight remote attestation using physical functions. In Wireless Network Security (WiSec). ACM, 2011.
20. D. Schellekens, B. Wyseur, and B. Preneel. Remote attestation on legacy operating systems with Trusted Platform Modules. Sci. Comput. Program., 74(1-2):13-22, 2008.
21. A. Seshadri, M. Luk, and A. Perrig. SAKE: Software attestation for key establishment in sensor networks. Distributed Computing in Sensor Systems, pages 372-385, 2008.
22. A. Seshadri, M. Luk, A. Perrig, L. van Doorn, and P. Khosla. SCUBA: Secure code update by attestation in sensor networks. In Workshop on Wireless security (WiSe). ACM, 2006.
23. A. Seshadri, M. Luk, E. Shi, A. Perrig, L. van Doorn, and P. Khosla. Pioneer: Verifying integrity and guaranteeing execution of code on legacy platforms. In Symposium on Operating Systems Principles (SOSP). ACM, 2005.
24. A. Seshadri, A. Perrig, L. van Doorn, and P. K. Khosla. SWATT: SoftWare-based ATTestation for embedded devices. In Security and Privacy (S&P). IEEE, 2004.
25. M. Shaneck, K. Mahadevan, V. Kher, and Y. Kim. Remote software-based attestation for wireless sensors. In Security and Privacy in Ad-hoc and Sensor Networks. Springer, 2005.
26. U. Shankar, M. Chew, and J. D. Tygar. Side effects are not sufficient to authenticate software. In USENIX Security Symposium. USENIX, 2004.
27. R. Strackx, F. Piessens, and B. Preneel. Efficient isolation of trusted subsystems in embedded systems. In Security and Privacy in Communication Networks (SecureComm). Springer, 2010.
28. Trusted Computing Group (TCG). TPM Main Specification, Version 1.2, 2011.
29. A. Vasudevan, J. Mccune, J. Newsome, A. Perrig, and L. V. Doorn. CARMA: A hardware tamper-resistant isolated execution environment on commodity x86 platforms. In ACM Symposium on Information, Computer and Communications Security (AsiaCCS). ACM, 2012.
30. Wikipedia. AES instruction set. http://en.wikipedia.org/wiki/AES- instruction-set, 2013.
31. Q. Yan, J. Han, Y. Li, R. H. Deng, and T. Li. A software-based root-of-trust primitive on multicore platforms. In ACM Symposium on Information, Computer and Communications Security (AsiaCCS). ACM, 2011.
32. Y. Yang, X. Wang, S. Zhu, and G. Cao. Distributed software-based attestation for node compromise detection in sensor networks. In Symposium on Reliable Distributed Systems (SRDS). IEEE, 2007.