“Secure Identification of Actively Executed Code on a Generic Trusted Component”
From Navigators
(Difference between revisions)
(Created page with "{{Publication |type=inproceedings |document=Document for Publication-DSNb 2016.pdf |title=Secure Identification of Actively Executed Code on a Generic Trusted Component |author=B...") |
|||
Line 3: | Line 3: | ||
|document=Document for Publication-DSNb 2016.pdf | |document=Document for Publication-DSNb 2016.pdf | ||
|title=Secure Identification of Actively Executed Code on a Generic Trusted Component | |title=Secure Identification of Actively Executed Code on a Generic Trusted Component | ||
- | |author=Bruno Vavala, Nuno Neves, Peter Steenkiste, | + | |author=Bruno Vavala, Nuno Ferreira Neves, Peter Steenkiste, |
- | |Project=Project:SUPERCLOUD, | + | |Project=Project:SUPERCLOUD, |
|ResearchLine=Fault and Intrusion Tolerance in Open Distributed Systems (FIT) | |ResearchLine=Fault and Intrusion Tolerance in Open Distributed Systems (FIT) | ||
|month=jun | |month=jun | ||
Line 24: | Line 24: | ||
a widely-deployed database engine, improving query-processing | a widely-deployed database engine, improving query-processing | ||
time up to 2× compared to the monolithic execution of the engine. | time up to 2× compared to the monolithic execution of the engine. | ||
- | |||
|booktitle=Proceedings of the International Conference on Dependable Systems and Networks (DSN) | |booktitle=Proceedings of the International Conference on Dependable Systems and Networks (DSN) | ||
}} | }} |
Latest revision as of 08:03, 5 June 2016
Bruno Vavala, Nuno Ferreira Neves, Peter Steenkiste
in Proceedings of the International Conference on Dependable Systems and Networks (DSN), Jun. 2016.
Abstract: Code identity is a fundamental concept for authenticated operations in Trusted Computing. In today’s approach, the overhead of assigning an identity to a protected service increases linearly with the service code size. In addition, service code size continues to grow to accommodate richer services. This trend negatively impacts either the security or the efficiency of current protocols for trusted executions. We present an execution protocol that breaks the dependency between the code size of the service and the identification overhead, without affecting security, and that works on different trusted components. This is achieved by computing an identity for each of the code modules that are actually executed, and then building a robust chain of trust that links them together for efficient verification. We implemented and applied our protocol to a widely-deployed database engine, improving query-processing time up to 2× compared to the monolithic execution of the engine.
Download paper
Download Secure Identification of Actively Executed Code on a Generic Trusted Component
Export citation
Project(s): Project:SUPERCLOUD
Research line(s): Fault and Intrusion Tolerance in Open Distributed Systems (FIT)