Verifying system integrity by proxy

Joshua Schiffman, Hayawardh Vijayakumar, Trent Jaeger

Research output: Chapter in Book/Report/Conference proceedingConference contribution

14 Scopus citations

Abstract

Users are increasingly turning to online services, but are concerned for the safety of their personal data and critical business tasks. While secure communication protocols like TLS authenticate and protect connections to these services, they cannot guarantee the correctness of the endpoint system. Users would like assurance that all the remote data they receive is from systems that satisfy the users' integrity requirements. Hardware-based integrity measurement (IM) protocols have long promised such guarantees, but have failed to deliver them in practice. Their reliance on non-performant devices to generate timely attestations and ad hoc measurement frameworks limits the efficiency and completeness of remote integrity verification. In this paper, we introduce the integrity verification proxy (IVP), a service that enforces integrity requirements over connections to remote systems. The IVP monitors changes to the unmodified system and immediately terminates connections to clients whose specific integrity requirements are not satisfied while eliminating the attestation reporting bottleneck imposed by current IM protocols. We implemented a proof-of-concept IVP that detects several classes of integrity violations on a Linux KVM system, while imposing less than 1.5% overhead on two application benchmarks and no more than 8% on I/O-bound micro-benchmarks.

Original languageEnglish (US)
Title of host publicationTrust and Trustworthy Computing - 5th International Conference, TRUST 2012, Proceedings
Pages179-200
Number of pages22
DOIs
StatePublished - Jul 4 2012
Event5th International Conference onTrust and Trustworthy Computing, TRUST 2012 - Vienna, Austria
Duration: Jun 13 2012Jun 15 2012

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume7344 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other5th International Conference onTrust and Trustworthy Computing, TRUST 2012
CountryAustria
CityVienna
Period6/13/126/15/12

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint Dive into the research topics of 'Verifying system integrity by proxy'. Together they form a unique fingerprint.

  • Cite this

    Schiffman, J., Vijayakumar, H., & Jaeger, T. (2012). Verifying system integrity by proxy. In Trust and Trustworthy Computing - 5th International Conference, TRUST 2012, Proceedings (pp. 179-200). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7344 LNCS). https://doi.org/10.1007/978-3-642-30921-2_11