Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems

@inproceedings{Seshadri2005PioneerVC,
  title={Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems},
  author={Arvind Seshadri and Mark Luk and Adrian Perrig and Leendert van Doorn and Pradeep K. Khosla},
  booktitle={SOSP '05},
  year={2005}
}
We propose a primitive, called Pioneer, as a first step towards verifiable code execution on untrusted legacy hosts. Pioneer does not require any hardware support such as secure co-processors or CPU-architecture extensions. We implement Pioneer on an Intel Pentium IV Xeon processor. Pioneer can be used as a basic building block to build security systems. We demonstrate this by building a kernel rootkit detector. 
Verifying Trusted Code Execution using ARM Trustzone
TLDR
This paper presents an overview of the Security Extensions implemented in Cortex-A9 and later processors, referred to as TrustZone, and shows how they can be leveraged to guarantee trusted code execution even on untrusted systems.
Determining the Integrity of Application Binaries on Unsecure Legacy Machines Using Software Based Remote Attestation
TLDR
This paper implements remote attestation entirely in software to attest the integrity of a process: a trusted internal server and a trusted external server issue a challenge to the client machine, which responds to the challenge.
Flicker: an execution infrastructure for TCB minimization
We present Flicker, an infrastructure for executing security-sensitive code in complete isolation while trusting as few as 250 lines of additional code. Flicker can also provide meaningful,
VIPER: verifying the integrity of PERipherals' firmware
TLDR
This work proposes software-only attestation protocols to verify the integrity of peripherals' firmware, and shows that they can detect all known software-based attacks.
Code Validation for Modern OS Kernels
The proliferation of kernel mode malware and rootkits over the last decade is one of the most critical challenges the security industry is facing. While mechanisms such as UEFI secure boot in
Code and Data Integrity of Modern Operating Systems
TLDR
This thesis investigates how runtime code integrity of modern operating systems (OSs) can be achieved and presents a framework that can both validate the integrity of self-modifying kernel code and efficiently detect kernel-based code-reuse malware in memory.
Remote Attestation on Legacy Operating Systems With Trusted Platform Modules
Fides: selectively hardening software application components against kernel-level or process-level malware
TLDR
This work proposes a combined approach of a run-time security architecture that can efficiently protect fine-grained software modules executing on a standard operating system, and a compiler that compiles standard C source code modules to such protected binary modules.
CodeBender: Remote Software Protection Using Orthogonal Replacement
TLDR
This work implements CodeBender, a tool that implements a novel client-replacement strategy to counter the malicious host problem, and tested its practicability in two case studies.

References

Side Effects Are Not Sufficient to Authenticate Software
TLDR
A successful attack on Genuinity is implemented, and it is argued that this class of schemes is not only impractical but unlikely to succeed without trusted hardware.
A generic attack on checksumming-based software tamper resistance
TLDR
It is shown that the rich functionality of many modern processors, including UltraSparc and x86-compatible processors, facilitates automated attacks which defeat such checksumming by self-checking programs.
Strider GhostBuster: Why It’s A Bad Idea For Stealth Software To Hide Files
TLDR
File hiding through lying APIs [HTB03, NTI04] is an advanced stealth technique used by many popular system-monitoring programs, such as rootkits, Trojans, and keyloggers, to make executables or data files invisible.
Copilot - a Coprocessor-based Kernel Runtime Integrity Monitor
Copilot is a coprocessor-based kernel integrity monitor for commodity systems. Copilot is designed to detect malicious modifications to a host's kernel and has correctly detected the presence of 12
Design and Implementation of a TCG-based Integrity Measurement Architecture
TLDR
This work shows that many of the Microsoft NGSCB guarantees can be obtained on today's hardware and today's software and that these guarantees do not require a new CPU mode or operating system but merely depend on the availability of an independent trusted entity, a TPM for example.
Certifying Program Execution with Secure Processors
TLDR
Cerium is a trusted computing architecture that protects a program's execution from being tampered while the program is running and cryptographically authenticates and copy-protects each program's instructions and data when they are stored in the untrusted off-chip DRAM.
Terra: a virtual machine-based platform for trusted computing
We present a flexible architecture for trusted computing, called Terra, that allows applications with a wide range of security requirements to run simultaneously on commodity hardware. Applications
BIND: a fine-grained attestation service for secure distributed systems
TLDR
BIND offers a general solution toward establishing a trusted environment for distributed system designers and incorporates the verification of input data integrity into the attestation, i.e., through one signature, the authors can vouch for the entire chain of processes that have performed transformations over a piece of data.
SWATT: softWare-based attestation for embedded devices
TLDR
This paper presents an implementation of SWATT in off-the-shelf sensor network devices, which enables us to verify the contents of the program memory even while the sensor node is running.
Establishing the Genuinity of Remote Computer Systems
TLDR
A means by which a remote computer system can be challenged to demonstrate that it is genuine and trustworthy and can be granted access to distributed resources and serve as a general-purpose host for distributed computation so long as it remains in contact with some certifying authority.