Abstract
|
Code identity is a fundamental concept for … Code identity is a fundamental concept for authenticated
operations in Trusted Computing. In today’s approach, the
overhead of assigning an identity to a protected service increases
linearly with the service code size. In addition, service code size
continues to grow to accommodate richer services. This trend
negatively impacts either the security or the efficiency of current
protocols for trusted executions.
We present an execution protocol that breaks the dependency
between the code size of the service and the identification
overhead, without affecting security, and that works on different
trusted components. This is achieved by computing an identity
for each of the code modules that are actually executed, and
then building a robust chain of trust that links them together for
efficient verification. We implemented and applied our protocol to
a widely-deployed database engine, improving query-processing
time up to 2× compared to the monolithic execution of the engine. to the monolithic execution of the engine.
|