ABSTRACT
We present the design and implementation of behaviour-based attestation for an enterprise-centric application. Remote attestation is used to measure the trustworthiness of the target platform. Some of the techniques proposed in the past are hash-based; these are efficient but cannot measure malicious behaviour of an application caused by buffer overflow attacks or by misconfiguration by the end user. To tackle these attacks, the runtime dynamic behaviour of the target application should be measured and verified. Behaviour-based attestation techniques have been proposed for this purpose, but they have problems of efficiency and of verification at the challenger end. In this research, we have designed and implemented an architecture of sliding windows of system calls which reduces the measurement of the application's behaviour and is successfully able to identify the trustworthiness of the target application. We have reproduced the previous system-call-based techniques and compared their results with our work to prove the performance improvements.
Index Terms
- Design and implementation of an efficient framework for behaviour attestation using n-call slides