Dynamic integrity measurement and attestation
- 13 November 2009
- conference paper
- conference paper
- Published by Association for Computing Machinery (ACM) in Proceedings of the 2009 ACM workshop on Scalable trusted computing - STC '09
Abstract
Despite the many efforts made in recent years to mitigate runtime attacks such as stack and heap based buffer overflows, these attacks are still a common security concern in today's computing platforms. Attackers have even found new ways to enforce runtime attacks including use of a technique called return-oriented programming. Trusted Computing provides mechanisms to verify the integrity of all executable content in an operating system. But they only provide integrity at load-time and are not able to prevent or detect runtime attacks. To mitigate return-oriented programming attacks, we propose new runtime integrity monitoring techniques that use tracking instrumentation of program binaries based on taint analysis and dynamic tracing. We also describe how these techniques can be employed in a dynamic integrity measurement architecture (DynIMA). In this way we fill the gap between static load-time and dynamic runtime attestation and, in particular, extend trusted computing techniques to effectively defend against return-oriented programming attacks.Keywords
This publication has 18 references indexed in Scilit:
- When good instructions go badPublished by Association for Computing Machinery (ACM) ,2008
- Realizing property-based attestation and sealing with commonly available hard- and softwarePublished by Association for Computing Machinery (ACM) ,2007
- Linux kernel integrity measurement using contextual inspectionPublished by Association for Computing Machinery (ACM) ,2007
- The geometry of innocent flesh on the bonePublished by Association for Computing Machinery (ACM) ,2007
- Automated detection of persistent kernel control-flow attacksPublished by Association for Computing Machinery (ACM) ,2007
- RakshaPublished by Association for Computing Machinery (ACM) ,2007
- Minos: Control Data Attack Prevention Orthogonal to Memory ModelPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2005
- PinPublished by Association for Computing Machinery (ACM) ,2005
- Property-based attestation for computing platformsPublished by Association for Computing Machinery (ACM) ,2005
- Secure program execution via dynamic information flow trackingPublished by Association for Computing Machinery (ACM) ,2004