
Formally Verified Hardware/Software Co-Design for Remote Attestation [article]

Ivan De Oliveira Nunes, Karim Eldefrawy, Norrathep Rattanavipanon, Michael Steiner, Gene Tsudik
2019 arXiv   pre-print
In this work, we take the first step towards formal verification of Remote Attestation (RA) by designing and verifying an architecture called VRASED: Verifiable Remote Attestation for Simple Embedded Devices  ...  VRASED instantiates a hybrid (HW/SW) RA co-design aimed at low-end embedded systems, e.g., simple IoT devices.  ...  Title: VRASED: A Verified Hardware/Software Co-Design for Remote Attestation becomes extremely important.  ... 
arXiv:1811.00175v4 fatcat:rs3go6hbgjculmzg7njlxxkwmq

SMASHUP: a toolchain for unified verification of hardware/software co-designs

Florian Lugou, Ludovic Apvrille, Aurélien Francillon
2016 Journal of Cryptographic Engineering  
Next, it proposes an evaluation of formal verification methods that have already been proposed for mixed hardware/software systems, with regards to the ideal method.  ...  At last, the paper presents a conceptual approach to this ideal method relying on ProVerif, and applies this approach to a remote attestation system (SMART).  ...  For instance, in [20] , the authors propose a methodology for formally verifying a mixed hardware-software design implemented in SystemC.  ... 
doi:10.1007/s13389-016-0145-2 fatcat:3frsj6yb2batxmrlhquazcrmcu

On the TOCTOU Problem in Remote Attestation [article]

Ivan De Oliveira Nunes, Sashidhar Jakkamsetti, Norrathep Rattanavipanon, Gene Tsudik
2021 arXiv   pre-print
RATA targets hybrid RA architectures (implemented as Hardware/Software co-designs), which are aimed at low-end embedded devices.  ...  We propose Remote Attestation with TOCTOU Avoidance (RATA): a provably secure approach to address the RA TOCTOU problem.  ...  Hybrid RA (based on hardware/software co-design) [7] [8] [9] [10] is an approach particularly suitable for low-end embedded devices.  ... 
arXiv:2005.03873v2 fatcat:oewjkublwfgzpl4h773d5lu5q4

An Infrastructure for Faithful Execution of Remote Attestation Protocols [article]

Adam Petz, Perry Alexander
2020 arXiv   pre-print
Remote attestation is an emerging technology for establishing trust in a remote computing system.  ...  In this work we formally define and verify a Copland Compiler and Copland Virtual Machine for executing Copland protocols.  ...  HYDRA [10] (Hybrid Design for Remote Attestation) was the first hardware/software hybrid RA architecture to build upon formally-verified components, and that achieved design goals laid out in their prior  ... 
arXiv:2012.10511v1 fatcat:6pmyre4oavgg7kwhwk7mkoteza

Remote Attestation: A Literature Review [article]

Alexander Sprogø Banks, Marek Kisiel, Philip Korsholm
2021 arXiv   pre-print
We will describe and evaluate the state-of-the-art for remote attestation, which covers singular attestation of devices as well as newer research in the area of formally verified RA protocols, swarm attestation  ...  Furthermore, as interconnected IoT devices are becoming increasingly more popular, so is the need for attestation of device swarms.  ...  Hybrid attestation Hybrid remote attestation is a hardware/software co-design that is based on a minimal trust anchor.  ... 
arXiv:2105.02466v2 fatcat:wpzlezruovat5c35b465xkzb44

A Verified Architecture for Proofs of Execution on Remote Devices under Full Software Compromise [article]

Ivan De Oliveira Nunes, Karim Eldefrawy, Norrathep Rattanavipanon, Gene Tsudik
2020 arXiv   pre-print
In this paper we answer these questions by designing, proving security of, and formally verifying, VAPE: Verified Architecture for Proofs of Execution.  ...  The latter is responsible for the decision-making and orchestrating the entire system.  ...  Formally Verified RA VRASED [17] is a formally verified hybrid (hardware/software co-design) RA architecture, built as a set of sub-modules, each guaranteeing a specific set of sub-properties.  ... 
arXiv:1908.02444v2 fatcat:ttsnger7sncpjpxoyefhllgvdu

SGXIO

Samuel Weiser, Mario Werner
2017 Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy - CODASPY '17  
Hence, SGXIO is particularly promising for the broad x86 community to which SGX is readily available.  ...  However, SGX lacks support for generic trusted I/O paths to protect user input and output between enclaves and I/O devices.  ...  There exist various techniques for isolated execution, which range from pure hypervisor designs [10, 14, 19, 34, 52, 60] over hardware-software co-designs [8, 11, 50] to pure hardware extensions [  ... 
doi:10.1145/3029806.3029822 dblp:conf/codaspy/WeiserW17 fatcat:gs5qrfd7cbdmziwrzwgffg73gq

Towards a standards-compliant pure-software trusted execution environment for resource-constrained embedded devices

Hassaan Janjua, Mahmoud Ammar, Bruno Crispo, Danny Hughes
2019 Proceedings of the 4th Workshop on System Software for Trusted Execution - SysTEX '19  
In this paper, we take a first step towards providing a pure-software Trusted Execution Environment (TEE) for resource-constrained embedded devices that lack basic hardware-based security features, such  ...  Our implementation and evaluation results demonstrate the feasibility of implementing a standards-compliant software-based TEE for low-end embedded devices without hardware support or modification that  ...  In particular, we consider the properties of VRASED [22], a formally-verified hardware/software co-design for architectures that would provide dynamic root of trust through remote attestation.  ... 
doi:10.1145/3342559.3365338 dblp:conf/sosp/JanjuaAC019 fatcat:yw5hl5yf35a45hhjnzwstep2m4

Tiny-CFA: A Minimalistic Approach for Control-Flow Attestation Using Verified Proofs of Execution [article]

Ivan De Oliveira Nunes, Sashidhar Jakkamsetti, Gene Tsudik
2020 arXiv   pre-print
In particular, hardware/software (hybrid) co-designs offer low hardware cost, while retaining similar security guarantees as (more expensive) hardware-based techniques.  ...  Consequently, our design achieves the lowest hardware overhead of any CFA architecture (i.e., two orders of magnitude cheaper), while relying on a formally verified PoX architecture as its sole hardware  ...  APEX implementation is built atop the formally verified hybrid RA architecture VRASED [5] , and APEX hardware module is itself formally verified to adhere to a set of formal logic specifications.  ... 
arXiv:2011.07400v2 fatcat:omjsmbsr6fbiflwm6rf3rdzrpm

Remote Credential Management with Mutual Attestation for Trusted Execution Environments [article]

Carlton Shepherd, Raja N. Akram, Konstantinos Markantonakis
2018 arXiv   pre-print
In this work, we present novel protocols using mutual attestation for supporting four aspects of secure remote credential management with TEEs: backups, updates, migration, and revocation.  ...  TEEs provide robust assurances regarding critical algorithm execution, tamper-resistant credential storage, and platform integrity using remote attestation.  ...  Carlton Shepherd is supported by the EPSRC and the British government as part of the Centre for Doctoral Training in Cyber Security at Royal Holloway, University of London (EP/K035584/1).  ... 
arXiv:1804.10707v2 fatcat:emyh7gvjjbgfxnprejuxnde2uq

A Taxonomy and Review of Remote Attestation Schemes in Embedded Systems

William A. Johnson, Sheikh Ghafoor, Stacy Prowell
2021 IEEE Access  
The root of trust is defined as what component of the prover (hardware, software or both) is used for gathering evidence. This component of the prover is trusted by the verifier.  ...  ROOT OF TRUST A root of trust is the foundation for a Remote Attestation (RA) scheme.  ...  [53] Hardware Isolation Remote Static Discrete Whitelist One-to-One Kong et al. [54] Hardware PUF Remote Dynamic Discrete Whitelist One-to-One Schulz et al.  ... 
doi:10.1109/access.2021.3119220 fatcat:otzlwmvvtbgixhxmyfegzlbnji

GAROTA: Generalized Active Root-Of-Trust Architecture [article]

Esmerald Aliaj, Ivan De Oliveira Nunes, Gene Tsudik
2021 arXiv   pre-print
We then design, implement, formally verify, and evaluate GAROTA: Generalized Active Root-Of-Trust Architecture.  ...  We also formally specify and verify GAROTA functionality and properties.  ...  Conclusions This paper motivated and illustrated the design of GAROTA: an active RoT targeting low-end MCU-s used as platforms for embedded/IoT/CPS devices that perform safety-critical sensing and actuation  ... 
arXiv:2102.07014v2 fatcat:helml3iha5hormoq5eo3ubqdoq

Orchestrating Layered Attestations [chapter]

John D. Ramsdell, Paul D. Rowe, Perry Alexander, Sarah C. Helble, Peter Loscocco, J. Aaron Pendergrass, Adam Petz
2019 Research Series on the Chinese Dream and China's Development Path  
The language is designed to bridge the gap between formal analysis of attestation security guarantees and concrete implementations.  ...  All results have been formally verified with the Coq proof assistant.  ...  Another line of research has focused on hardware/software co-design for embedded devices to enable remote attestation on platforms that are constrained in various ways [2, 6, 7] .  ... 
doi:10.1007/978-3-030-17138-4_9 dblp:conf/post/RamsdellRAHLPP19 fatcat:43qir7goxbdmfb5mq7udh7sfiy

SANA

Moreno Ambrosin, Mauro Conti, Ahmad Ibrahim, Gregory Neven, Ahmad-Reza Sadeghi, Matthias Schunter
2016 Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS'16  
A key mechanism to protect the software integrity of these devices is remote attestation: A process that allows a remote verifier to validate the integrity of the software of a device.  ...  SANA relies on a novel signature scheme to allow anyone to publicly verify a collective attestation in constant time and space, for virtually an unlimited number of devices.  ...  Acknowledgements We thank anonymous reviewers for their useful comments.  ... 
doi:10.1145/2976749.2978335 dblp:conf/ccs/AmbrosinCINSS16 fatcat:q7cpmuafhrgonjshmy6q5fu3xe

A Hardware-Software Platform for Intrusion Prevention

M. Drinic, D. Kirovski
37th International Symposium on Microarchitecture (MICRO-37'04)  
The key problem is that although a program at the beginning of its execution can be verified as authentic, its execution flow can be redirected to externally injected malicious code using, for example,  ...  While the presented optimization technique is problem specific, it is flexible such that it can be adjusted for different optimization goals.  ...  First, we formally define our optimization goal.  ... 
doi:10.1109/micro.2004.2 dblp:conf/micro/DrinicK04 fatcat:jn5iqrhpjbevziezjahullil4q