Secure Identification of Actively Executed Code on a Generic Trusted Component
Author: | Nuno Neves, Bruno Vavala, Peter Steenkiste |
---|---|
Year of publication: | 2016 |
Subject: |
Trusted service manager; Source code; Computer science; 020206 networking & telecommunications; 020207 software engineering; Code Access Security; 02 engineering and technology; Trusted Computing; Trusted Network Connect; Trusted computing base; 0202 electrical engineering, electronic engineering, information engineering; Direct Anonymous Attestation; Operating system; Trusted client; Computer network |
Source: | DSN |
DOI: | 10.1109/dsn.2016.45 |
Description: | Code identity is a fundamental concept for authenticated operations in Trusted Computing. In today's approach, the overhead of assigning an identity to a protected service increases linearly with the service code size. In addition, service code size continues to grow to accommodate richer services. This trend negatively impacts either the security or the efficiency of current protocols for trusted executions. We present an execution protocol that breaks the dependency between the code size of the service and the identification overhead, without affecting security, and that works on different trusted components. This is achieved by computing an identity for each of the code modules that are actually executed, and then building a robust chain of trust that links them together for efficient verification. We implemented and applied our protocol to a widely-deployed database engine, improving query-processing time up to 2× compared to the monolithic execution of the engine. |
Database: | OpenAIRE |