Atrium: Runtime Attestation Resilient Under Memory Attacks

Keywords

Attestation; Memory attacks; Runtime

Abstract

Remote attestation is an important security service that allows a trusted party (verifier) to verify the integrity of a software running on a remote and potentially compromised device (prover). The security of existing remote attestation schemes relies on the assumption that attacks are software-only and that the prover's code cannot be modified at runtime. However, in practice, these schemes can be bypassed in a stronger and more realistic adversary model that is hereby capable of controlling and modifying code memory to attest benign code but execute malicious code instead - leaving the underlying system vulnerable to Time of Check Time of Use (TOCTOU) attacks. In this work, we first demonstrate TOCTOU attacks on recently proposed attestation schemes by exploiting physical access to prover's memory. Then we present the design and proof-of-concept implementation of ATRIUM, a runtime remote attestation system that securely attests both the code's binary and its execution behavior under memory attacks. ATRIUM provides resilience against both software- and hardware-based TOCTOU attacks, while incurring minimal area and performance overhead.

Publication Date

12-13-2017

Publication Title

IEEE/ACM International Conference on Computer-Aided Design, Digest of Technical Papers, ICCAD

Volume

2017-November

Number of Pages

384-391

Document Type

Article; Proceedings Paper

Personal Identifier

scopus

DOI Link

https://doi.org/10.1109/ICCAD.2017.8203803

Socpus ID

85043534150 (Scopus)

Source API URL

https://api.elsevier.com/content/abstract/scopus_id/85043534150

This document is currently not available here.

Share

COinS