Download: PDF.
“Justifying integrity using a Virtual Machine Verifier” by Joshua Schiffman, Thomas Moyer, Christopher Shal, Trent Jaeger, and Patrick McDaniel. In Proceedings of the 25th Annual Computer Security Applications Conference (ACSAC '09), 2009.
Abstract
Emerging distributing computing architectures, such as grid and cloud computing, depend on the high integrity execution of each system in the computation. While integrity measurement enables systems to generate proofs of their integrity to remote parties, we find that current integrity measurement approaches are insufficient to prove runtime integrity for systems in these architectures. Integrity measurement approaches that are flexible enough have an incomplete view of runtime integrity, possibly leading to false integrity claims, and approaches that provide comprehensive integrity do so only for computing environments that are too restrictive. In this paper, we propose an architecture for building comprehensive runtime integrity proofs for general purpose systems in distributed computing architectures. In this architecture, we strive for classical integrity, using an approximation of the Clark-Wilson integrity model as our target. Key to building such integrity proofs is a carefully crafted host system whose long-term integrity can be justified easily using current techniques and a new component, called a VM verifier, that can enforce our integrity target on VMs comprehensively. We have built a prototype based on the Xen virtual machine system for SELinux VMs, and find distributed compilation can be implemented, providing accurate proofs of our integrity target with less than 4% overhead.
Download: PDF.
BibTeX entry:
@inproceedings{acsac09-schiffman,
author = {Joshua Schiffman and Thomas Moyer and Christopher Shal and
Trent Jaeger and Patrick McDaniel},
title = {Justifying integrity using a {Virtual Machine Verifier}},
booktitle = {Proceedings of the 25th Annual Computer Security
Applications Conference (ACSAC '09)},
publisher = {ACSA},
year = {2009}
}
(This webpage was created with bibtex2web.)
Back to Trent Jaeger's Publications.