CHORS: hardening high-assurance security systems with trusted computing
Research output: Contribution to conferences › Paper › Contributed › peer-review
Contributors
Abstract
High-assurance security systems require strong isolation from the untrusted world to protect the security-sensitive or privacy-sensitive data they process. Existing regulations impose that such systems must execute in a trustworthy operating system (OS) to ensure they are not collocated with untrusted software that might negatively impact their availability or security. However, the existing techniques to attest to the OS integrity fall short due to the cuckoo attack. We present and formally prove a novel defense against this attack. We implement it as part of an integrity monitoring and enforcement system that attests to the remote OS integrity 3.7× -- 8.5× faster than the existing integrity monitoring systems. We demonstrate its practicality by protecting a real-world eHealth application, and performing micro and macro-benchmarks.
Details
Original language | English |
---|---|
Pages | 1626–1635 |
Publication status | Published - May 2022 |
Peer-reviewed | Yes |
Conference
Title | SAC '22: The 37th ACM/SIGAPP Symposium on Applied Computing |
---|---|
Conference number | |
Duration | 25 - 29 April 2022 |
Location | virutal Event |
City |