Micro-Architecture Support for Integrity Measurement on Dynamic Instruction Trace
Hui Lin, Gyungho Lee
.
DOI: 10.4236/jis.2010.11001   PDF    HTML     7,021 Downloads   11,768 Views   Citations

Abstract

Trusted computing allows attesting remote system’s trustworthiness based on the software stack whose integrity has been measured. However, attacker can corrupt system as well as measurement operation. As a result, nearly all integrity measurement mechanism suffers from the fact that what is measured may not be same as what is executed. To solve this problem, a novel integrity measurement called dynamic instruction trace measurement (DiT) is proposed. For DiT, processor’s instruction cache is modified to stores back instructions to memory. Consequently, it is designed as a assistance to existing integrity measurement by including dynamic instructions trace. We have simulated DiT in a full-fledged system emulator with level-1 cache modified. It can successfully update records at the moment the attestation is required. Overhead in terms of circuit area, power consumption, and access time, is less than 3% for most criterions. And system only introduces less than 2% performance overhead in average.

Share and Cite:

H. Lin and G. Lee, "Micro-Architecture Support for Integrity Measurement on Dynamic Instruction Trace," Journal of Information Security, Vol. 1 No. 1, 2010, pp. 1-10. doi: 10.4236/jis.2010.11001.

Conflicts of Interest

The authors declare no conflicts of interest.

References

[1] “Trusted Computing Group.” http://www.trustedcompu- tinggroup.org
[2] TCG Specification Architecture Overview Specification Revision 1.4, Trusted Computing Group (TCG), 2007.
[3] IBM Integrity Measurement Architecture (IMA). http: //domino.research.ibm.com/comm/research_people.nsf/pages/sailer.ima.html
[4] J. M. McCune, B. Parno, A. Perrig, M. K. Reiter and A. Seshadri, “How Low can you Go Recommendations for Hardware-Supported Minimal TCB Code Execution,” Proceedings of ASPLOS’08, Seattle, Vol. 43, No. 3, 2008, pp. 14-25.
[5] G. Edward Suh, D. Clarke, B. Gassend, M. Dijk and S. Devadas, “AEGIS: Architecture for Tamper-Evident and Tamper-Resistant Processing,” Proceedings of ICS’03, San Francisco, 2003, pp. 160-171.
[6] Y. X. Shi and G. H. Lee, “Augmenting Branch Predictor to Secure Program Execution,” Proceedings of DSN 07.
[7] http://www.hpl.hp.com/research/cacti/
[8] T. Austin and D. Burger, “The SimpleScalar Tool Set,” University of Wisconsin CS Department, Technical Report No. 1342, June 1997.
[9] T. Sherwood, E. Perelman, G. Hamerly and B. Calder, “Automatically Characterizing Large Scale Program Be-havior,” Proceedings of the 10th ASPLOS, California, Vol. 37, No. 10, 2002, pp. 45-57.
[10] D. Lie, C. Thekkath, M. Mitchell, P. Lincoln, et al., “Architectural Support for Copy and Tamper Resistant Soft-ware,” SIGPLAN Notice, Vol. 35, No. 11, 2000, pp. 178-179.
[11] P. Loscocco, P. Wilson, A. Pendergrass and C. McDonell, “Linux Kernel Integrity Measurement Using Contextual Inspection,” STC’07: Proceedings of the 2007 ACM Workshop on Scalable Trusted Computing, Virginia, 2007.
[12] L. Chen, R. Landfermann, H. Lohr and C. Stuble, “A Protocol for Property-Based Attestation,” Proceedings of STC’06, the ACM Press, Virginia, 2006, pp. 7-16.
[13] A. Sadeghi and C. Stuble, “Property-Based Attestation for Computing Platforms: Caring about Properties, not Mechanisms,” Proceedings of NSPW’04, New York, 2004, pp. 67-77.
[14] V. Haldar, D. Chandra and M. Franz, “Semantic Remote Attestation: A Virtual Machine Directed Approach to Trusted Computing,” Proceedings of VM’04, San Jose, 2004, p. 3.
[15] M. Alam, X. W. Zhang, M. Nauman and T. Ali, “Beha-vioral Attestation for Web Services (BA4WS),” Pro-ceedings of the 2008 ACM Workshop on Secure Web Ser-vices, 2008.

Copyright © 2024 by authors and Scientific Research Publishing Inc.

Creative Commons License

This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.