Determining the integrity of application binaries on unsecure legacy machines using software based remote attestation

Raghunathan Srinivasan; Partha Dasgupta; Tushar Gohad; Amiya Bhattacharya

doi:10.1007/978-3-642-17714-9_6

Determining the integrity of application binaries on unsecure legacy machines using software based remote attestation

Raghunathan Srinivasan, Partha Dasgupta, Tushar Gohad, Amiya Bhattacharya

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Scopus citations

Abstract

Integrity of computing platforms is paramount. A platform is as secure as the applications executing on it. All applications are created with some inherent vulnerability or loophole. Attackers can analyze the presence of flaws in a particular binary and exploit them. Traditional virus scanners are also binaries which can be attacked by malware. This paper implements a method known as Remote Attestation entirely in software to attest the integrity of a process using a trusted external server. The trusted external server issues a challenge to the client machine which responds to the challenge. The response determines the integrity of the application.

Original language	English (US)
Title of host publication	Information Systems Security - 6th International Conference, ICISS 2010, Proceedings
Pages	66-80
Number of pages	15
DOIs	https://doi.org/10.1007/978-3-642-17714-9_6
State	Published - 2010
Event	6th International Conference on Information Systems Security, ICISS 2010 - Gandhinagar, India Duration: Dec 17 2010 → Dec 19 2010

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	6503 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	6th International Conference on Information Systems Security, ICISS 2010
Country/Territory	India
City	Gandhinagar
Period	12/17/10 → 12/19/10

Keywords

code injection
integrity measurement
remote attestation

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/978-3-642-17714-9_6

Cite this

Srinivasan, R., Dasgupta, P., Gohad, T., & Bhattacharya, A. (2010). Determining the integrity of application binaries on unsecure legacy machines using software based remote attestation. In Information Systems Security - 6th International Conference, ICISS 2010, Proceedings (pp. 66-80). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6503 LNCS). https://doi.org/10.1007/978-3-642-17714-9_6

Determining the integrity of application binaries on unsecure legacy machines using software based remote attestation. / Srinivasan, Raghunathan; Dasgupta, Partha; Gohad, Tushar et al.
Information Systems Security - 6th International Conference, ICISS 2010, Proceedings. 2010. p. 66-80 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6503 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Srinivasan, R, Dasgupta, P, Gohad, T & Bhattacharya, A 2010, Determining the integrity of application binaries on unsecure legacy machines using software based remote attestation. in Information Systems Security - 6th International Conference, ICISS 2010, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 6503 LNCS, pp. 66-80, 6th International Conference on Information Systems Security, ICISS 2010, Gandhinagar, India, 12/17/10. https://doi.org/10.1007/978-3-642-17714-9_6

Srinivasan R, Dasgupta P, Gohad T, Bhattacharya A. Determining the integrity of application binaries on unsecure legacy machines using software based remote attestation. In Information Systems Security - 6th International Conference, ICISS 2010, Proceedings. 2010. p. 66-80. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-642-17714-9_6

Srinivasan, Raghunathan ; Dasgupta, Partha ; Gohad, Tushar et al. / Determining the integrity of application binaries on unsecure legacy machines using software based remote attestation. Information Systems Security - 6th International Conference, ICISS 2010, Proceedings. 2010. pp. 66-80 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{9c9ca90f3d32448787b24e7ed92335db,

title = "Determining the integrity of application binaries on unsecure legacy machines using software based remote attestation",

abstract = "Integrity of computing platforms is paramount. A platform is as secure as the applications executing on it. All applications are created with some inherent vulnerability or loophole. Attackers can analyze the presence of flaws in a particular binary and exploit them. Traditional virus scanners are also binaries which can be attacked by malware. This paper implements a method known as Remote Attestation entirely in software to attest the integrity of a process using a trusted external server. The trusted external server issues a challenge to the client machine which responds to the challenge. The response determines the integrity of the application.",

keywords = "code injection, integrity measurement, remote attestation",

author = "Raghunathan Srinivasan and Partha Dasgupta and Tushar Gohad and Amiya Bhattacharya",

note = "Funding Information: Acknowledgements. This material is based upon work supported in part by the National Science Foundation under Grant No. CNS-1011931. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the NSF. Funding Information: This material is based upon work supported in part by the National Science Foundation under Grant No. CNS-1011931. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the NSF.; 6th International Conference on Information Systems Security, ICISS 2010 ; Conference date: 17-12-2010 Through 19-12-2010",

year = "2010",

doi = "10.1007/978-3-642-17714-9_6",

language = "English (US)",

isbn = "3642177131",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "66--80",

booktitle = "Information Systems Security - 6th International Conference, ICISS 2010, Proceedings",

}

TY - GEN

T1 - Determining the integrity of application binaries on unsecure legacy machines using software based remote attestation

AU - Srinivasan, Raghunathan

AU - Dasgupta, Partha

AU - Gohad, Tushar

AU - Bhattacharya, Amiya

N1 - Funding Information: Acknowledgements. This material is based upon work supported in part by the National Science Foundation under Grant No. CNS-1011931. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the NSF. Funding Information: This material is based upon work supported in part by the National Science Foundation under Grant No. CNS-1011931. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the NSF.

PY - 2010

Y1 - 2010

N2 - Integrity of computing platforms is paramount. A platform is as secure as the applications executing on it. All applications are created with some inherent vulnerability or loophole. Attackers can analyze the presence of flaws in a particular binary and exploit them. Traditional virus scanners are also binaries which can be attacked by malware. This paper implements a method known as Remote Attestation entirely in software to attest the integrity of a process using a trusted external server. The trusted external server issues a challenge to the client machine which responds to the challenge. The response determines the integrity of the application.

AB - Integrity of computing platforms is paramount. A platform is as secure as the applications executing on it. All applications are created with some inherent vulnerability or loophole. Attackers can analyze the presence of flaws in a particular binary and exploit them. Traditional virus scanners are also binaries which can be attacked by malware. This paper implements a method known as Remote Attestation entirely in software to attest the integrity of a process using a trusted external server. The trusted external server issues a challenge to the client machine which responds to the challenge. The response determines the integrity of the application.

KW - code injection

KW - integrity measurement

KW - remote attestation

UR - http://www.scopus.com/inward/record.url?scp=78650856954&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=78650856954&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-17714-9_6

DO - 10.1007/978-3-642-17714-9_6

M3 - Conference contribution

AN - SCOPUS:78650856954

SN - 3642177131

SN - 9783642177132

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 66

EP - 80

BT - Information Systems Security - 6th International Conference, ICISS 2010, Proceedings

T2 - 6th International Conference on Information Systems Security, ICISS 2010

Y2 - 17 December 2010 through 19 December 2010

ER -

Determining the integrity of application binaries on unsecure legacy machines using software based remote attestation

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this