Access Control for Binary Integrity Protection using Ethereum

Stengele, Oliver; Baumeister, Andreas; Birnstill, Pascal; Hartenstein, Hannes

doi:10.1145/3322431.3325108

Cited by 13 publications

(14 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The targeted use cases address mainly the operation of IoT devices, and proposed interactions with a smart contract are mostly described at conceptual level relying on external attestation protocols or manual inspection. The work is therefore, orthogonal to our attack context, but as well as [39] it strengthens the common assumption of using blockchain, and in particular Ethereum, for its integrity guarantees.…”

Section: Related Workmentioning

confidence: 79%

“…These typically address protecting the integrity of simple binaries in a supply chain, not specifically of an SGX enclave. The most close to our distributed mitigation is the idea presented in [39]. Similar to our approach, a hash digest computed over the binary is stored in a smart contract in the Ethereum blockchain, with the purpose to detect if the binary was tampered.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Malware in the SGX supply chain: Be careful when signing enclaves!

Crăciun

Felber

Mogage

et al. 2020

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

Malware attacks are a significant part of the new software security threats detected each year. Intel Software Guard Extensions (SGX) are a set of hardware instructions introduced by Intel in their recent lines of processors that are intended to provide a secure execution environment for user-developed applications. To our knowledge, there was no serious attempt yet to overcome the SGX protection by exploiting the weaknesses in the software supply chain infrastructure, namely at the level of the development, build or signing servers. While SGX protection does not specifically take into consideration such threats, we show in the current paper that a simple malware attack exploiting a separation between the build and signing processes can have a serious damaging impact, practically nullifying SGX integrity protection measures. We also explore two possible mitigations against the attack, one centralized leveraging SGX itself, and one distributed that relies on a smart contract deployed on a blockchain infrastructure. Our evaluation shows that both methods are feasible in practice and their added costs are acceptable for the offered protection.

show abstract

Section: Related Workmentioning

confidence: 79%

Section: Related Workmentioning

confidence: 99%

Malware in the SGX supply chain: Be careful when signing enclaves!

Crăciun

Felber

Mogage

et al. 2020

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

show abstract

“…In previous work [4], a concept was proposed on how the Ethereum blockchain can serve as a middleware to facilitate the publication and revocation of integrity protecting information for software binaries and how the underlying peer-to-peer network can be viewed as a reliable broadcast medium. Smart contracts are used to establish unique and persistent identities for software that can be managed by and transferred between software developers and maintainers.…”

Section: Palinodiamentioning

confidence: 99%

Practical Trade-Offs in Integrity Protection for Binaries via Ethereum

Stengele

Droll

Hartenstein

2020

Proceedings of the 21st International Middleware Conference Demos and Posters

Self Cite

View full text Add to dashboard Cite

“…The work by Stengele et al [46] adopts a similar approach to ours of using smart contracts to provide software transparency but model it as an access control problem. In their system, each software package is represented with a Root Software Identifier (Root SI) generated by Software Smart Contract issued by a developer.…”

Section: Related Workmentioning

confidence: 99%

SmartWitness: A Proactive Software Transparency System using Smart Contracts

Guarnizo

Alangot

Szałachowski

2020

Proceedings of the 2nd ACM International Symposium on Blockchain and Secure Critical Infrastructure

View full text Add to dashboard Cite

Package managers have become essential for software distribution and management. Their goal is to allow users to install programs, drivers, or updates in their systems in a secure, quick, and often, unattended way. However, in recent years, attackers have found severe flaws in software distribution systems and used them as a stealthy launch pad for malicious software. Moreover, it was proved that actors of the software supply-chain are ineffective in detecting and stopping attacks on user devices. In this paper, we present a design for software distribution systems based on distributed ledgers. By replacing traditional code signing certificates with smart contracts, named SmartWitness, we propose a novel system that provides properties of binary transparency, useful and granular package revocation, and dynamic and proactive security assessment improving risk awareness of end users. SmartWitness keeps all actors transparent and accountable, and it enables security providers to participate earlier in the software distribution process, directly influencing package installations on user devices. We show how SmartWitness is integrated into an existing package manager system, and we present results from conducted experiments indicating that the system is practical as for today.

show abstract

Access Control for Binary Integrity Protection using Ethereum

Cited by 13 publications

References 5 publications

Malware in the SGX supply chain: Be careful when signing enclaves!

Malware in the SGX supply chain: Be careful when signing enclaves!

Practical Trade-Offs in Integrity Protection for Binaries via Ethereum

SmartWitness: A Proactive Software Transparency System using Smart Contracts

Contact Info

Product

Resources

About