CHORS: hardening high-assurance security systems with trusted computing

Research output: Contribution to conferencesPaperContributedpeer-review

Contributors

Abstract

High-assurance security systems require strong isolation from the untrusted world to protect the security-sensitive or privacy-sensitive data they process. Existing regulations impose that such systems must execute in a trustworthy operating system (OS) to ensure they are not collocated with untrusted software that might negatively impact their availability or security. However, the existing techniques to attest to the OS integrity fall short due to the cuckoo attack. We present and formally prove a novel defense against this attack. We implement it as part of an integrity monitoring and enforcement system that attests to the remote OS integrity 3.7× -- 8.5× faster than the existing integrity monitoring systems. We demonstrate its practicality by protecting a real-world eHealth application, and performing micro and macro-benchmarks.

Details

Original languageEnglish
Pages1626–1635
Publication statusPublished - May 2022
Peer-reviewedYes

Conference

TitleSAC '22: The 37th ACM/SIGAPP Symposium on Applied Computing
Conference number
Duration25 - 29 April 2022
Locationvirutal Event
City

Keywords

Research priority areas of TU Dresden

DFG Classification of Subject Areas according to Review Boards