A Platform Service for Remote Integrity Measurement and Attestation

Pcnderarass, J. Aaron; Helble, Sarah; Clemens, John; Loscocco, Peter

doi:10.1109/milcom.2018.8599735

Cited by 15 publications

(8 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Integrity measurement tools include both static [26,36] and dynamic [6,15,19,37,38,41] approaches that support both baseline and recurring measurements of target systems. Higher-level measurement frameworks support userspace monitoring [28,12,24,29], kernel-level introspection [25], and attestation of embedded/IOT platforms [22,3,39]. The framework presented in the current work is designed as a common operational environment for such tools, plugging them in as ASPs and composing their measurement results as Copland Evidence.…”

Section: Related Workmentioning

confidence: 99%

An infrastructure for faithful execution of remote attestation protocols

Petz

2020

Proceedings of the 7th Symposium on Hot Topics in the Science of Security

View full text Add to dashboard Cite

Remote attestation is an emerging technology for establishing trust in a remote computing system. Copland is a domain-specific language for specifying layered attestation protocols, characterizing attestationrelevant system events, and describing evidence bundling. In this work we formally define and verify a Copland Compiler and Copland Virtual Machine for executing Copland protocols. The compiler translates Copland into instructions that are executed on the virtual machine. The compiler and virtual machine are implemented as monadic, functional programs in the Coq proof assistant and verified with respect to the Copland event and evidence semantics. In addition we introduce the Attestation Manager Monad as an environment for managing Copland term execution providing support for managing nonces, binding results of Copland protocols to variables, and appraising evidence results.

show abstract

Section: Related Workmentioning

confidence: 99%

An infrastructure for faithful execution of remote attestation protocols

Petz

2020

Proceedings of the 7th Symposium on Hot Topics in the Science of Security

View full text Add to dashboard Cite

show abstract

“…2, is being utilized by the authors as a testing ground for Copland. Maat provides a pluggable interface for Attestation Service Providers (ASPs), functional units of measurement which are executed by Attestation Protocol Blocks (APBs) after a negotiation between an attester and appraiser machine [16]. Another architecture, given in [8], implements a policy mechanism designed to allow the appraiser to ask for different conditions to be satisfied by the target for different types of interactions.…”

Section: Related Workmentioning

confidence: 99%

“…We are actively exploring advanced attestation scenarios between Maat Attestation Managers (AMs). Recall from the introduction that Maat is a policy-based measurement and attestation (M&A) framework which provides a centralized, pluggable service to gather and report integrity measurements [16]. The Maat team is leveraging Copland to test attestation scenarios involving the configuration of multiple instances of Maat in multi-realm and multi-party scenarios.…”

Section: Conclusion and Ongoing Workmentioning

confidence: 99%

“…In previous work, members of our team have taken a different approach. Maat is a policy-based measurement and attestation (M&A) framework which provides a centralized, pluggable service to gather and report integrity measurements [16]. Maat listens for attestation requests and can act as both an appraiser and an attester, depending on the needs of the current scenario.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Orchestrating Layered Attestations

Ramsdell

Rowe

Alexander

et al. 2019

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

We present Copland, a language for specifying layered attestations. Layered attestations provide a remote appraiser with structured evidence of the integrity of a target system to support a trust decision. The language is designed to bridge the gap between formal analysis of attestation security guarantees and concrete implementations. We therefore provide two semantic interpretations of terms in our language. The first is a denotational semantics in terms of partially ordered sets of events. This directly connects Copland to prior work on layered attestation. The second is an operational semantics detailing how the data and control flow are executed. This gives explicit implementation guidance for attestation frameworks. We show a formal connection between the two semantics ensuring that any execution according to the operational semantics is consistent with the denotational event semantics. This ensures that formal guarantees resulting from analyzing the event semantics will hold for executions respecting the operational semantics. All results have been formally verified with the Coq proof assistant.

show abstract

“…In existing systems, most adversaries capable of modifying arbitrary processes are likely to be able to also modify the measurement tools or operating system kernel. To protect against realistic adversaries our approach relies on the concept of nested measurements and isolated execution environments provided by a measurement and attestation system such as Maat [25].…”

Section: Adversary Modelmentioning

confidence: 99%

Runtime Detection of Userspace Implants

Pendergrass

Hull

Clemens

et al. 2019

MILCOM 2019 - 2019 IEEE Military Communications Conference (MILCOM)

Self Cite

View full text Add to dashboard Cite

This paper presents the Userspace Integrity Measurement Toolkit (USIM Toolkit), a set of integrity measurement collection tools capable of detecting advanced malware threats, such as memory-only implants, that evade many traditional detection tools. Userspace integrity measurement validates that a platform is free from subversion by validating that the current state of the platform is consistent with a set of invariants. The invariants enforced by the USIM Toolkit are carefully chosen based on the expected behavior of userspace, and key behaviors of advanced malware. Userspace integrity measurement may be combined with existing filesystem and kernel integrity measurement approaches to provide stronger guarantees that a platform is executing the expected software and that the software is in an expected state.

show abstract

A Platform Service for Remote Integrity Measurement and Attestation

Cited by 15 publications

References 22 publications

An infrastructure for faithful execution of remote attestation protocols

An infrastructure for faithful execution of remote attestation protocols

Orchestrating Layered Attestations

Runtime Detection of Userspace Implants

Contact Info

Product

Resources

About