Network-based root of trust for installation

Joshua Schiffman; Thomas Moyer; Trent Jaeger; Patrick McDaniel

doi:10.1109/MSP.2011.15

Network-based root of trust for installation

Joshua Schiffman
, Thomas Moyer
, Trent Jaeger
, Patrick McDaniel

Research output: Contribution to journal › Article › peer-review

18 Scopus citations

Abstract

Administrators of large datacenters often require network installation mechanisms, such as disk cloning over the network, to manage the integrity of their machines. However, network-based installation is vulnerable to a variety of attacks, including compromised machines responding to installation requests with malware. To enable verification that running machines were installed correctly, the Network-Based Root of Trust for Installation (netROTI, for short) binds the state of a system to its installer and disk image. Evaluation results show that a netROTI installation adds about 8 seconds overhead plus 3 percent of image download time to a standard network install and thwarts many known attacks against the installation process.

Original language	English (US)
Article number	5705596
Pages (from-to)	40-48
Number of pages	9
Journal	IEEE Security and Privacy
Volume	9
Issue number	1
DOIs	https://doi.org/10.1109/MSP.2011.15
State	Published - Jan 2011

All Science Journal Classification (ASJC) codes

Computer Networks and Communications
Electrical and Electronic Engineering
Law

Access to Document

10.1109/MSP.2011.15

Cite this

@article{4dc6023d6d1340f88160d7a0b8e63fcf,

title = "Network-based root of trust for installation",

abstract = "Administrators of large datacenters often require network installation mechanisms, such as disk cloning over the network, to manage the integrity of their machines. However, network-based installation is vulnerable to a variety of attacks, including compromised machines responding to installation requests with malware. To enable verification that running machines were installed correctly, the Network-Based Root of Trust for Installation (netROTI, for short) binds the state of a system to its installer and disk image. Evaluation results show that a netROTI installation adds about 8 seconds overhead plus 3 percent of image download time to a standard network install and thwarts many known attacks against the installation process.",

author = "Joshua Schiffman and Thomas Moyer and Trent Jaeger and Patrick McDaniel",

note = "Funding Information: This work was supported by NSF grants CNS-0931914 and",

year = "2011",

month = jan,

doi = "10.1109/MSP.2011.15",

language = "English (US)",

volume = "9",

pages = "40--48",

journal = "IEEE Security and Privacy",

issn = "1540-7993",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "1",

}

TY - JOUR

T1 - Network-based root of trust for installation

AU - Schiffman, Joshua

AU - Moyer, Thomas

AU - Jaeger, Trent

AU - McDaniel, Patrick

N1 - Funding Information: This work was supported by NSF grants CNS-0931914 and

PY - 2011/1

Y1 - 2011/1

N2 - Administrators of large datacenters often require network installation mechanisms, such as disk cloning over the network, to manage the integrity of their machines. However, network-based installation is vulnerable to a variety of attacks, including compromised machines responding to installation requests with malware. To enable verification that running machines were installed correctly, the Network-Based Root of Trust for Installation (netROTI, for short) binds the state of a system to its installer and disk image. Evaluation results show that a netROTI installation adds about 8 seconds overhead plus 3 percent of image download time to a standard network install and thwarts many known attacks against the installation process.

AB - Administrators of large datacenters often require network installation mechanisms, such as disk cloning over the network, to manage the integrity of their machines. However, network-based installation is vulnerable to a variety of attacks, including compromised machines responding to installation requests with malware. To enable verification that running machines were installed correctly, the Network-Based Root of Trust for Installation (netROTI, for short) binds the state of a system to its installer and disk image. Evaluation results show that a netROTI installation adds about 8 seconds overhead plus 3 percent of image download time to a standard network install and thwarts many known attacks against the installation process.

UR - https://www.scopus.com/pages/publications/79551643516

UR - https://www.scopus.com/pages/publications/79551643516#tab=citedBy

U2 - 10.1109/MSP.2011.15

DO - 10.1109/MSP.2011.15

M3 - Article

AN - SCOPUS:79551643516

SN - 1540-7993

VL - 9

SP - 40

EP - 48

JO - IEEE Security and Privacy

JF - IEEE Security and Privacy

IS - 1

M1 - 5705596

ER -

Network-based root of trust for installation

Abstract

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this