Establishing and sustaining system integrity via root of trust installation

Luke St.Clair, Joshua Schiffman, Trent Jaeger, Patrick McDaniel

Research output: Chapter in Book/Report/Conference proceedingConference contribution

20 Scopus citations

Abstract

Integrity measurements provide a means by which distributed systems can assess the trustability of potentially compromised remote hosts. However, current measurement techniques simply assert the identity of software, but provide no indication of the ongoing status of the system or its data. As a result, a number of significant vulnerabilities can result if the system is not configured and managed carefully. To improve the management of a system's integrity, we propose a Root of Trust Installation (ROTI) as a foundation for high integrity systems. A ROTI is a trusted system installer that also asserts the integrity of the trusted computing base software and data that it installs to enable straightforward, comprehensive integrity verification for a system. The ROTI addresses a historically limiting problem in integrity measurement: determining what constitutes a trusted system state in a heterogeneous, evolving environment. Using the ROTI, a high integrity system state is defined by its installer, thus enabling a remote party to verify integrity guarantees that approximate classical integrity models (e.g., Biba). In this paper, we examine what is necessary to prove the integrity of the trusted computing base (sCore) of a distributed security architecture, called the Shamon. We describe the design and implementation of our custom ROTI sCore installer and study the costs and effectiveness of binding system integrity to installation in the distributed Shamon. This demonstration shows that strong integrity guarantees can be efficiently achieved in large, diverse environments with limited administrative overhead.

Original languageEnglish (US)
Title of host publicationProceedings - 23rd Annual Computer Security Applications Conference, ACSAC 2007
Pages19-29
Number of pages11
DOIs
StatePublished - 2007
Event23rd Annual Computer Security Applications Conference, ACSAC 2007 - Miami Beach, FL, United States
Duration: Dec 10 2007Dec 14 2007

Publication series

NameProceedings - Annual Computer Security Applications Conference, ACSAC
ISSN (Print)1063-9527

Other

Other23rd Annual Computer Security Applications Conference, ACSAC 2007
CountryUnited States
CityMiami Beach, FL
Period12/10/0712/14/07

All Science Journal Classification (ASJC) codes

  • Software
  • Engineering(all)

Fingerprint Dive into the research topics of 'Establishing and sustaining system integrity via root of trust installation'. Together they form a unique fingerprint.

Cite this