Integrity verification of embedded software through response-time analysis
Abstract
Software integrity verification is a central concern in many applications. Verifying that the software running on a given device has not been tampered with is a challenging problem when the verifier has no direct access to the memory area where the executable code is stored. In the present work we propose a software integrity verification approach that addresses this problem. Our approach is based on the concept of "reflection", in which the software is asked to answer questions about itself. We show that, under very reasonable assumptions, it is possible to build a protocol in which only intact (unmodified) software is able to answer the questions put to it both correctly and within the expected time.
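As an added illustration, not the paper's own protocol or code, the following Python sketch shows the shape of the challenge/response check the abstract describes: the verifier sends a fresh nonce, the device answers with a keyed digest over its own code memory, and the verifier accepts only an answer that is both correct and returned within a time bound. The reference image, nonce length, digest function and time limit are assumptions chosen for the example.

```python
import hashlib
import hmac
import os
import time

# Constructed stand-in for the verifier's reference copy of the device code (assumption).
REFERENCE_IMAGE = bytes(range(256)) * 64          # 16 KiB of synthetic "code"
TIME_LIMIT_S = 0.05                                 # assumed bound on an honest reply


def self_checksum(code_memory: bytes, nonce: bytes) -> bytes:
    """The 'question': a nonce-keyed digest over the code exactly as stored.
    A fresh nonce per run means the answer cannot be precomputed or replayed."""
    return hmac.new(nonce, code_memory, hashlib.sha256).digest()


class Device:
    """Simulated embedded device that answers by reflecting over its own code."""
    def __init__(self, code_memory: bytes):
        self.code_memory = code_memory

    def answer(self, nonce: bytes) -> bytes:
        return self_checksum(self.code_memory, nonce)


class DelayedDevice(Device):
    """Device whose (possibly correct) answer only arrives after an extra delay;
    this is the case the response-time check exists to catch."""
    def __init__(self, code_memory: bytes, delay_s: float):
        super().__init__(code_memory)
        self.delay_s = delay_s

    def answer(self, nonce: bytes) -> bytes:
        time.sleep(self.delay_s)
        return super().answer(nonce)


def verify(device: Device, reference: bytes = REFERENCE_IMAGE,
           time_limit: float = TIME_LIMIT_S) -> dict:
    """Verifier side: issue the challenge, time the reply, check value and latency."""
    nonce = os.urandom(16)
    expected = self_checksum(reference, nonce)   # computed from the trusted reference copy
    start = time.perf_counter()
    reply = device.answer(nonce)
    elapsed = time.perf_counter() - start
    value_ok = hmac.compare_digest(reply, expected)
    time_ok = elapsed <= time_limit
    return {"value_ok": value_ok, "time_ok": time_ok,
            "accepted": value_ok and time_ok, "elapsed_s": elapsed}
```

An intact device is accepted, a device with one flipped byte fails the value check, and a device that answers correctly but late fails the timing check; in a real deployment the time bound has to be calibrated to the target hardware and communication path.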
