TY - GEN
T1 - Establishing and sustaining system integrity via root of trust installation
AU - St.Clair, Luke
AU - Schiffman, Joshua
AU - Jaeger, Trent
AU - McDaniel, Patrick
PY - 2007
Y1 - 2007
N2 - Integrity measurements provide a means by which distributed systems can assess the trustability of potentially compromised remote hosts. However, current measurement techniques simply assert the identity of software, but provide no indication of the ongoing status of the system or its data. As a result, a number of significant vulnerabilities can result if the system is not configured and managed carefully. To improve the management of a system's integrity, we propose a Root of Trust Installation (ROTI) as a foundation for high integrity systems. A ROTI is a trusted system installer that also asserts the integrity of the trusted computing base software and data that it installs to enable straightforward, comprehensive integrity verification for a system. The ROTI addresses a historically limiting problem in integrity measurement: determining what constitutes a trusted system state in a heterogeneous, evolving environment. Using the ROTI, a high integrity system state is defined by its installer, thus enabling a remote party to verify integrity guarantees that approximate classical integrity models (e.g., Biba). In this paper, we examine what is necessary to prove the integrity of the trusted computing base (sCore) of a distributed security architecture, called the Shamon. We describe the design and implementation of our custom ROTI sCore installer and study the costs and effectiveness of binding system integrity to installation in the distributed Shamon. This demonstration shows that strong integrity guarantees can be efficiently achieved in large, diverse environments with limited administrative overhead.
AB - Integrity measurements provide a means by which distributed systems can assess the trustability of potentially compromised remote hosts. However, current measurement techniques simply assert the identity of software, but provide no indication of the ongoing status of the system or its data. As a result, a number of significant vulnerabilities can result if the system is not configured and managed carefully. To improve the management of a system's integrity, we propose a Root of Trust Installation (ROTI) as a foundation for high integrity systems. A ROTI is a trusted system installer that also asserts the integrity of the trusted computing base software and data that it installs to enable straightforward, comprehensive integrity verification for a system. The ROTI addresses a historically limiting problem in integrity measurement: determining what constitutes a trusted system state in a heterogeneous, evolving environment. Using the ROTI, a high integrity system state is defined by its installer, thus enabling a remote party to verify integrity guarantees that approximate classical integrity models (e.g., Biba). In this paper, we examine what is necessary to prove the integrity of the trusted computing base (sCore) of a distributed security architecture, called the Shamon. We describe the design and implementation of our custom ROTI sCore installer and study the costs and effectiveness of binding system integrity to installation in the distributed Shamon. This demonstration shows that strong integrity guarantees can be efficiently achieved in large, diverse environments with limited administrative overhead.
UR - http://www.scopus.com/inward/record.url?scp=48649110347&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=48649110347&partnerID=8YFLogxK
U2 - 10.1109/ACSAC.2007.25
DO - 10.1109/ACSAC.2007.25
M3 - Conference contribution
AN - SCOPUS:48649110347
SN - 0769530605
SN - 9780769530604
T3 - Proceedings - Annual Computer Security Applications Conference, ACSAC
SP - 19
EP - 29
BT - Proceedings - 23rd Annual Computer Security Applications Conference, ACSAC 2007
T2 - 23rd Annual Computer Security Applications Conference, ACSAC 2007
Y2 - 10 December 2007 through 14 December 2007
ER -