We present Copland, a language for specifying layered attestations. Layered attestations provide a remote appraiser with structured evidence of the integrity of a target system to support a trust decision. The language is designed to bridge the gap between formal analysis of attestation security guarantees and concrete implementations. We therefore provide two semantic interpretations of terms in our language. The first is a denotational semantics in terms of partially ordered sets of events. This directly connects Copland to prior work on layered attestation. The second is an operational semantics detailing how the data and control flow are executed. This gives explicit implementation guidance for attestation frameworks. We show a formal connection between the two semantics ensuring that any execution according to the operational semantics is consistent with the denotational event semantics. This ensures that formal guarantees resulting from analyzing the event semantics will hold for executions respecting the operational semantics. All results have been formally verified with the Coq proof assistant.
Recent work in software integrity verification provides techniques for measuring integrity at runtime, where a measurement agent observes the memory image of a running process and constructs some meaningful description of the process's current state. Unlike in static and load-time measurement architectures, the target of a runtime measurement is running and hence able to change its state. In this setting, an accurate measurement must reflect a coherent state of the target. A coherent measurement must satisfy two properties: atomicity ensures that a measurement corresponds to the state of the target at a particular point in time, and quiescence ensures that the target data is in a consistent state, i.e., that the target is not inside a critical section. We address the former property, showing that we can obtain an atomic measurement using a memory copy-on-write strategy, which we have implemented in the Xen hypervisor. We show that this approach achieves significant performance gains in the memory and time impact on the target when compared with naive strategies for enforcing atomicity.