TY - GEN
T1 - Verifying system integrity by proxy
AU - Schiffman, Joshua
AU - Vijayakumar, Hayawardh
AU - Jaeger, Trent
N1 - Funding Information:
This material is based upon work supported by the National Science Foundation under Grant No. CNS-0931914 and CNS-1117692.
PY - 2012
Y1 - 2012
N2 - Users are increasingly turning to online services, but are concerned for the safety of their personal data and critical business tasks. While secure communication protocols like TLS authenticate and protect connections to these services, they cannot guarantee the correctness of the endpoint system. Users would like assurance that all the remote data they receive is from systems that satisfy the users' integrity requirements. Hardware-based integrity measurement (IM) protocols have long promised such guarantees, but have failed to deliver them in practice. Their reliance on non-performant devices to generate timely attestations and ad hoc measurement frameworks limits the efficiency and completeness of remote integrity verification. In this paper, we introduce the integrity verification proxy (IVP), a service that enforces integrity requirements over connections to remote systems. The IVP monitors changes to the unmodified system and immediately terminates connections to clients whose specific integrity requirements are not satisfied while eliminating the attestation reporting bottleneck imposed by current IM protocols. We implemented a proof-of-concept IVP that detects several classes of integrity violations on a Linux KVM system, while imposing less than 1.5% overhead on two application benchmarks and no more than 8% on I/O-bound micro-benchmarks.
AB - Users are increasingly turning to online services, but are concerned for the safety of their personal data and critical business tasks. While secure communication protocols like TLS authenticate and protect connections to these services, they cannot guarantee the correctness of the endpoint system. Users would like assurance that all the remote data they receive is from systems that satisfy the users' integrity requirements. Hardware-based integrity measurement (IM) protocols have long promised such guarantees, but have failed to deliver them in practice. Their reliance on non-performant devices to generate timely attestations and ad hoc measurement frameworks limits the efficiency and completeness of remote integrity verification. In this paper, we introduce the integrity verification proxy (IVP), a service that enforces integrity requirements over connections to remote systems. The IVP monitors changes to the unmodified system and immediately terminates connections to clients whose specific integrity requirements are not satisfied while eliminating the attestation reporting bottleneck imposed by current IM protocols. We implemented a proof-of-concept IVP that detects several classes of integrity violations on a Linux KVM system, while imposing less than 1.5% overhead on two application benchmarks and no more than 8% on I/O-bound micro-benchmarks.
UR - http://www.scopus.com/inward/record.url?scp=84863094308&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84863094308&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-30921-2_11
DO - 10.1007/978-3-642-30921-2_11
M3 - Conference contribution
AN - SCOPUS:84863094308
SN - 9783642309205
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 179
EP - 200
BT - Trust and Trustworthy Computing - 5th International Conference, TRUST 2012, Proceedings
T2 - 5th International Conference on Trust and Trustworthy Computing, TRUST 2012
Y2 - 13 June 2012 through 15 June 2012
ER -