TY - CONF
T1 - Design and implementation of a TCG-based integrity measurement architecture
AU - Sailer, Reiner
AU - Zhang, Xiaolan
AU - Jaeger, Trent
AU - Van Doorn, Leendert
N1 - Funding Information:
The authors would like to thank the IBM Linux Technology Center for their continuing and invaluable support and our colleagues from the IBM Tokyo Research Lab, particularly Seiji Munetoh and his colleagues, for interesting discussions and for their TPM-enhancement of the grub boot loader. Finally, we would like to thank Ronald Perez, Steve Bade, and the anonymous referees for their useful comments.
Publisher Copyright:
© 2000 by The USENIX Association All Rights Reserved.
Copyright:
Copyright 2020 Elsevier B.V., All rights reserved.
PY - 2004
Y1 - 2004
N2 - We present the design and implementation of a secure integrity measurement system for Linux. All executable content that is loaded onto the Linux system is measured before execution and these measurements are protected by the Trusted Platform Module (TPM) that is part of the Trusted Computing Group (TCG) standards. Our system is the first to extend the TCG trust measurement concepts to dynamic executable content from the BIOS all the way up into the application layer. In effect, we show that many of the Microsoft NGSCB guarantees can be obtained on today's hardware and today's software and that these guarantees do not require a new CPU mode or operating system but merely depend on the availability of an independent trusted entity, a TPM for example. We apply our trust measurement architecture to a web server application where we show how our system can detect undesirable invocations, such as rootkit programs, and that our measurement architecture is practical in terms of the number of measurements taken and the performance impact of making them.
UR - http://www.scopus.com/inward/record.url?scp=85084162270&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85084162270&partnerID=8YFLogxK
M3 - Paper
AN - SCOPUS:85084162270
T2 - 13th USENIX Security Symposium
Y2 - 9 August 2004 through 13 August 2004
ER -