• Corpus ID: 7759279

Design and Implementation of a TCG-based Integrity Measurement Architecture

Reiner Sailer, Xiaolan Zhang, Trent Jaeger, Leendert van Doorn. USENIX Security Symposium.
We present the design and implementation of a secure integrity measurement system for Linux. All executable content that is loaded onto the Linux system is measured before execution and these measurements are protected by the Trusted Platform Module (TPM) that is part of the Trusted Computing Group (TCG) standards. Our system is the first to extend the TCG trust measurement concepts to dynamic executable content from the BIOS all the way up into the application layer. In effect, we show that… 

Testing and evaluation of a secure integrity measurement system (SIMS) for remote systems
The system evaluation has shown that the SIMS can provide tamper detection and recovery for different kinds of content, and can efficiently and correctly determine whether executable content has been tampered with.
Design and Implementation of an Integrity Measurement System Based on Windows Trusted Computing Platform
This paper presents the design and implementation of an integrity measurement system based on Windows trusted computing platform that strengthens the security posture of the platform and gives great consideration to the impact which the measurements cause to system performance.
Quantitative analysis of measurement overhead for integrity verification
This paper analyzes the internal behavior of IMA (Integrity Measurement Architecture), one of the most well-known integrity verification frameworks employed in the Linux kernel, and proposes two novel techniques, called batch extend and core measurement.
Design and implementation of an attestation protocol for measured dynamic behavior
Current high-level-based attestation protocol has been extended for dynamic behavior collection and verification, and the dynamic behavior is verified via several machine learning algorithms, which justify the use of this approach and show that a high rate detection was achieved for datasets of real-world vulnerabilities in the popular Firefox browser.
Runtime-Based Boot Components Re-measurement Scheme for Trusted Platform
IMAC is embedding Integrity Measurement Agency Component which has the capability of monitoring transformation, verifying credibility, updating Platform Configuration Registers and recording integrity measurement logs in Linux kernel and the result of performance analysis demonstrates that the method is feasible and credible.
Subverting Linux' integrity measurement architecture
It is demonstrated that the security guarantees of the Linux Integrity Measurement Architecture can be undermined by means of a malicious block device, and how the attack affects certain use cases of IMA is analysed and discussed.
TOCTOU, Traps, and Trusted Computing
This work explores using the MMU and the TPM in concert to provide a memory event trapping framework, in which trap handlers perform TPM operations to enforce a security policy, and includes modifying the MMU to support selective memory immutability and generate higher granularity memory access traps.
Practical Assessment of Biba Integrity for TCG-Enabled Platforms
  • Roberto Sassu, G. Ramunno, A. Lioy
  • Computer Science
    2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications
  • 2014
Enhanced IMA is proposed, an extended version of the Integrity Measurement Architecture (IMA) that works almost out of the box and just reports information flows instead of enforcing them, and a model to evaluate the information reported by Enhanced IMA with existing techniques is introduced.
The benefits of combining trusted computing with virtualization techniques
An approach towards a security architecture by using virtualization technologies as well as security enhancements of modern processor architectures for hardening an operating system on top of a TCP.
Determining the Integrity of Applications and Operating Systems using Remote and Local Attesters
This research describes software based remote attestation schemes for obtaining the integrity of an executing user application and the Operating System (OS) text section of an untrusted client platform and presents two approaches to incorporating software based “root of trust” using Virtual Machine Monitors (VMMs).


A secure and reliable bootstrap architecture
The AEGIS architecture for initializing a computer system validates integrity at each layer transition in the bootstrap process, and it is shown how this results in robust systems.
Experimenting with TCPA/TCG Hardware, Or: How I Learned to Stop Worrying and Love The Bear
An experiment to see if hardware to transform a desktop Linux machine into a virtual secure coprocessor is feasible, but effective deployment requires a more thorough look at OS security.
Trusted Platform on demand (TPod)
The research described in this paper is an architecture and implementation called Trusted Platform on Demand (TPod), which increases the trustworthiness of networked platforms by combining dedicated security hardware, a secure operating system kernel and an open security protocol, to provide a secure software platform that may host a diverse range of distributed applications.
Terra: a virtual machine-based platform for trusted computing
We present a flexible architecture for trusted computing, called Terra, that allows applications with a wide range of security requirements to run simultaneously on commodity hardware. Applications
Building the IBM 4758 Secure Coprocessor
The 4758 is a lifetime-secure tamper-responding device, a multipurpose programmable device based on a 99-MHz 486 CPU internal environment, with a real operating system, a C language development environment and relatively high-speed cryptography.
Experiences with Tripwire: Using Integrity Checkers for Intrusion Detection
An overview of Tripwire is described, emphasizing the salient aspects of Tripwire configuration that support its use at sites employing modern variants of the UNIX operating system, and experiences with how Tripwire has been used “in the field” are presented.
Operating system benchmarking in the wake of lmbench: a case study of the performance of NetBSD on the Intel x86 architecture
Modifications to lmbench are described, and a new benchmark suite, hbench:OS, is used to examine how the performance of operating system primitives under NetBSD has scaled with the processor evolution of the Intel x86 architecture.
Checking system rules using system-specific, programmer-written compiler extensions
This paper shows how system implementors can use meta-level compilation (MC) to write simple, system-specific compiler extensions that automatically check their code for rule violations and demonstrates the effectiveness of the MC approach by applying it to four complex, real systems.
Outbound authentication for programmable secure coprocessors
  • Sean W. Smith
  • Computer Science
    International Journal of Information Security
  • 2004
This work required synthesis of a number of techniques, so that parties with different and dynamic views of trust can draw sound and complete conclusions about remote coprocessor applications.
A Trusted Open Platform
Microsoft's next-generation secure computing base extends personal computers to offer mechanisms that let high-assurance software protect itself from the operating systems, device drivers, BIOS, and