We present Flicker, an infrastructure for executing securitysensitive code in complete isolation while trusting as few as 250 lines of additional code. Flicker can also provide meaningful, fine-grained attestation of the code executed (as well as its inputs and outputs) to a remote party. Flicker guarantees these properties even if the BIOS, OS and DMAenabled devices are all malicious. Flicker leverages new commodity processors from AMD and Intel and does not require a new OS or VMM. We demonstrate a full implementation of Flicker on an AMD platform and describe our development environment for simplifying the construction of Flicker-enabled code.

Trusting a computer for a security-sensitive task (such as checking email or banking online) requires the user to know something about the computer’s state. We examine research on securely capturing a computer’s state, and consider the utility of this information both for improving security on the local computer (e.g., to convince the user that her computer is not infected with malware) and for communicating a remote computer’s state (e.g., to enable the user to check that a web server will adequately protect her data). Although the recent “Trusted Computing ” initiative has drawn both positive and negative attention to this area, we consider the older and broader topic of bootstrapping trust in a computer. We cover issues ranging from the wide collection of secure hardware that can serve as a foundation for trust, to the usability issues that arise when trying to convey computer state information to humans. This approach unifies disparate research efforts and highlights opportunities for additional work that can guide real-world improvements in computer security. 1

Abstract. Wireless sensor networks are envisioned to be deployed in mission-critical applications. Detecting a compromised sensor, whose memory contents have been tampered, is crucial in these settings, as the attacker can reprogram the sensor to act on his behalf. In the case of sensors, the task of verifying the integrity of memory contents is difficult as physical access to the sensors is often infeasible. In this paper, we propose a software-based approach to verify the integrity of the memory contents of the sensors over the network without requiring physical contact with the sensor. We describe the building blocks that can be used to build a program for attestation purposes, and build our attestation program based on these primitives. The success of our approach is not dependent on accurate measurements of the execution time of the attestation program. Further, we do not require any additional hardware support for performing remote attestation. Our attestation procedure is designed to detect even small memory changes and is designed to be resistant against modifications by the attacker. 1

Vehicular ad-hoc networks present great opportunity for information exchange and equal opportunity for abuse. Validating traffic information without imposing significant communication overheads is a hard problem. In this paper, we propose a solution for validating aggregated data. The main idea is to use random checks to probabilistically catch the attacker, and thereby discourage attacks in the network. Our solution relies on PKI based authentication and assumes a tamper-proof service in each car to carry out certain secure operations such as signing and timestamping. We try to keep the set of secure operations as small as possible, in accordance with the principle of economy of mechanism. We show that our solution provides security without significant communication overheads. 1.

We explore the extent to which newly available CPU-based security technology can reduce the Trusted Computing Base (TCB) for security-sensitive applications. We find that although this new technology represents a step in the right direction, significant performance issues remain. We offer several suggestions that leverage existing processor technology, retain security, and improve performance. Implementing these recommendations will finally allow application developers to focus exclusively on the security of their own code, enabling it to execute in isolation from the numerous vulnerabilities in the underlying layers of legacy code.

We define and demonstrate an approach to securing distributed computation based on a shared reference monitor (Shamon) that enforces mandatory access control (MAC) policies across a distributed set of machines. The Shamon enables local reference monitor guarantees to be attained for a set of reference monitors on these machines. We implement a prototype system on the Xen hypervisor with a trusted MAC virtual machine built on Linux 2.6 whose reference monitor design requires only 13 authorization checks, only 5 of which apply to normal processing (others are for policy setup). We show that, through our architecture, distributed computations can be protected and controlled coherently across all the machines involved in the computation. 1.

Remote attestation of system integrity is an essential part of trusted computing. However, current remote attestation techniques only provide integrity proofs of static properties of the system. To address this problem we present a novel remote dynamic attestation system named ReDAS (Remote Dynamic Attestation System) that provides integrity evidence for dynamic system properties. Such dynamic system properties represent the runtime behavior of the attested system, and enable an attester to prove its runtime integrity to a remote party. ReDAS currently provides two types of dynamic system properties for running applications: structural integrity and global data integrity. In this work, we present the challenges of remote dynamic attestation, provide an in-depth security analysis and introduce a first step towards providing a complete runtime dynamic attestation framework. Our prototype implementation and evaluation with real-world applications show that we can improve on current static attestation techniques with an average performance overhead of 8%.

Web services and service oriented architectures are becoming the de facto standard for Internet computing. A main problem faced by users of such services is how to ensure that the service code is trusted. While methods that guarantee trusted service code execution before starting a client-service transaction exist, there is no solution for extending this assurance to the entire lifetime of the transaction. This paper presents Satem, a Service-aware trusted execution monitor that guarantees the trustworthiness of the service code across a whole transaction. The Satem architecture consists of an execution monitor residing in the operating system kernel on the service provider platform, a trust evaluator on the client platform, and a service commitment protocol. During this protocol, executed before every transaction, the client requests and verifies against its local policy a commitment from the service platform that promises trusted code execution. Subsequently, the monitor enforces this commitment for the duration of the transaction. To initialize the trust on the monitor, we use the Trusted Platform Module specified by the Trusted Computing Group. We implemented Satem under the Linux 2.6.12 kernel and tested it for a web service and DNS. The experimental results demonstrate that Satem does not incur significant overhead to the protected services and does not impact the unprotected services. 1

the Grants No. (NSC95-main) and No. (NSC95-org), and by gifts from AMD and Intel.

Abstract—Clear evidence indicates the existence of compromised routers in ISP and enterprise networks. Fault localization (FL) protocols enable a network to localize specific links of compromised routers sabotaging network data delivery and are recognized as an essential means to enhancing network availability in the face of targeted attacks. However, theoretically proven lower bounds have shown that secure FL protocols in the current network infrastructure inevitably incur prohibitive overhead. We observe the current limits are due to a lack of trust relationships among network nodes. We demonstrate that we can achieve much higher FL efficiency by leveraging trusted computing technology to design a trusted network-layer architecture, TrueNet, with a small Trusted Computing Base (TCB). We intend TrueNet to serve as a case study that demonstrates trusted computing’s ability in yielding tangible and measurable benefits for secure network protocol designs. I.