Race-Free On-demand Integrity Measurement Architecture

Serial: 
UNT-2015-10-3
PI: 
Kavi
Industry: 
Keywords: 
Trusted Platform Modules, Secure Measurements, Time of Check To Time of Use (TOCTTOU) Attacks, Virtualization
Abstract: 

We propose a solution to the critical problem of designing secure and trustworthy computing platforms, which are key to assuring the trust and security of cyber systems. Typically it is acceptable to assume that known hardware will not be malicious, making the hardware the root of security and trust. It is necessary, however, to measure and verify the software entities. Since the "state" of software changes continuously, a known software entity can transition from a good state to a malicious state, so a measurement taken at load time no longer describes what is actually running (the Time of Check To Time of Use gap). Computing platforms should therefore be designed so that they can either prevent or detect a software entity transitioning from a good state to a malicious state.
Relying on such a hardware system, we can create trusted environments, which in turn can be used to launch NFVs (Network Function Virtualization) and provide different levels of security for each isolated environment. An example application is a smart home, where different appliances or Internet of Things devices may require different levels of authentication or protection. We can use our system to define different virtual but trusted environments and verify NFVs, including functions that implement authentication, encryption, firewalls, etc., before launching those network functions.
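The measurement gap the abstract refers to can be shown with a small model. The following is an added example, not code from the project or the PI: it models a TPM-style PCR extend with SHA-256 (an assumption about the hash bank), a software entity as a mutable byte image, and two measurement policies. Load-time measurement records a digest once and later attests against that stale record; the on-demand variant re-measures a private copy of the exact bytes it is about to use, so the check and the use refer to the same state. The "firewall-nfv" image, the golden digest and the tampering step are constructed for the example.

```python
import hashlib

# Constructed sample "software entity" (an NFV image) and its known-good digest.
GOOD_IMAGE = b"firewall-nfv v1.0: accept established; drop all"
GOLDEN = hashlib.sha256(GOOD_IMAGE).hexdigest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new = H(old || measurement). Assumes a SHA-256 PCR bank."""
    return hashlib.sha256(pcr + measurement).digest()


class LoadTimeMeasurement:
    """Measures once at load (time of check) and then hands the live copy over for use."""

    def __init__(self):
        self.pcr = b"\x00" * 32
        self.log = []      # measurement log, replayed by the verifier
        self.image = None  # the live, mutable copy that will actually be used

    def load(self, image: bytearray):
        digest = hashlib.sha256(image).digest()
        self.pcr = extend(self.pcr, digest)
        self.log.append(digest.hex())
        self.image = image

    def attest(self) -> bool:
        # Verifier compares the latest logged measurement with the golden value.
        # It never re-reads the live copy, so it cannot see later changes.
        return self.log[-1] == GOLDEN

    def use(self) -> bytes:
        return bytes(self.image)


class OnDemandMeasurement(LoadTimeMeasurement):
    """Re-measures immediately before use, on a private snapshot, so that the bytes
    hashed are the bytes used (no window between check and use in this model)."""

    def use(self) -> bytes:
        snapshot = bytes(self.image)  # single immutable copy: hash it, then run it
        digest = hashlib.sha256(snapshot).digest()
        self.pcr = extend(self.pcr, digest)
        self.log.append(digest.hex())
        if digest.hex() != GOLDEN:
            raise RuntimeError("integrity violation: entity changed since load")
        return snapshot


def simulate(policy):
    """Load a good image, tamper with it after measurement, then try to use it.
    Returns (attested good at load, attested good after tampering, tampering detected)."""
    m = policy()
    live = bytearray(GOOD_IMAGE)
    m.load(live)
    ok_at_load = m.attest()
    # Transition from good state to malicious state after the load-time check.
    live[:] = live.replace(b"drop all", b"accept all")
    try:
        m.use()
        detected = False
    except RuntimeError:
        detected = True
    return ok_at_load, m.attest(), detected


if __name__ == "__main__":
    print("load-time :", simulate(LoadTimeMeasurement))   # (True, True, False)
    print("on-demand :", simulate(OnDemandMeasurement))   # (True, False, True)
```

With load-time measurement the verifier still reports a good state after the image has been altered, because the log was written before the change; with on-demand measurement the altered image is rejected and the log now carries the bad digest, so a later attestation fails too. The snapshot in the on-demand variant is the essential detail: hashing one buffer and executing another reopens the race, so the measured copy must be the one that is used.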

University: 
UNT