“Secure Identification of Actively Executed Code on a Generic Trusted Component”

From Navigators

Jump to: navigation, search

Bruno Vavala, Nuno Ferreira Neves, Peter Steenkiste

in Proceedings of the International Conference on Dependable Systems and Networks (DSN), Jun. 2016.

Abstract: Code identity is a fundamental concept for authenticated operations in Trusted Computing. In today’s approach, the overhead of assigning an identity to a protected service increases linearly with the service code size. In addition, service code size continues to grow to accommodate richer services. This trend negatively impacts either the security or the efficiency of current protocols for trusted executions. We present an execution protocol that breaks the dependency between the code size of the service and the identification overhead, without affecting security, and that works on different trusted components. This is achieved by computing an identity for each of the code modules that are actually executed, and then building a robust chain of trust that links them together for efficient verification. We implemented and applied our protocol to a widely-deployed database engine, improving query-processing time up to 2× compared to the monolithic execution of the engine.

Download paper

Download Secure Identification of Actively Executed Code on a Generic Trusted Component

Export citation

BibTeX

Project(s): Project:SUPERCLOUD

Research line(s): Fault and Intrusion Tolerance in Open Distributed Systems (FIT)

Personal tools
Navigators toolbox