9 Hits in 3.4 sec

Formally Verified Hardware/Software Co-Design for Remote Attestation [article]

Ivan De Oliveira Nunes, Karim Eldefrawy, Norrathep Rattanavipanon, Michael Steiner, Gene Tsudik
2019 arXiv   pre-print
In this work, we take the first step towards formal verification of Remote Attestation (RA) by designing and verifying an architecture called VRASED: Verifiable Remote Attestation for Simple Embedded Devices  ...  VRASED instantiates a hybrid (HW/SW) RA co-design aimed at low-end embedded systems, e.g., simple IoT devices.  ...  Title: VRASED: A Verified Hardware/Software Co-Design for Remote Attestation becomes extremely important.  ... 
arXiv:1811.00175v4 fatcat:rs3go6hbgjculmzg7njlxxkwmq

A Verified Architecture for Proofs of Execution on Remote Devices under Full Software Compromise [article]

Ivan De Oliveira Nunes, Karim Eldefrawy, Norrathep Rattanavipanon, Gene Tsudik
2020 arXiv   pre-print
In this paper we answer these questions by designing, proving security of, and formally verifying, VAPE: Verified Architecture for Proofs of Execution.  ...  This prompts the following three questions: (1) How to trust data produced by a simple remote embedded device? and (2) How to ascertain that this data was produced via execution of expected software?  ...  Formally Verified RA VRASED [17] is a formally verified hybrid (hardware/software co-design) RA architecture, built as a set of sub-modules, each guaranteeing a specific set of sub-properties.  ... 
arXiv:1908.02444v2 fatcat:ttsnger7sncpjpxoyefhllgvdu

Tiny-CFA: A Minimalistic Approach for Control-Flow Attestation Using Verified Proofs of Execution [article]

Ivan De Oliveira Nunes, Sashidhar Jakkamsetti, Gene Tsudik
2020 arXiv   pre-print
In particular, hardware/software (hybrid) co-designs offer low hardware cost, while retaining similar security guarantees as (more expensive) hardware-based techniques.  ...  In this work, we tackle this challenge by designing Tiny-CFA - a control-flow attestation (CFA) technique with a single hardware requirement - the ability to generate proofs of remote software execution  ...  Remote Attestation (RA) As mentioned earlier, RA allows a trusted verifier (Vrf) to detect unauthorized code modifications (e.g., malware infections) on an untrusted remote device, called a prover (Prv  ... 
arXiv:2011.07400v2 fatcat:omjsmbsr6fbiflwm6rf3rdzrpm

On the TOCTOU Problem in Remote Attestation [article]

Ivan De Oliveira Nunes, Sashidhar Jakkamsetti, Norrathep Rattanavipanon, Gene Tsudik
2021 arXiv   pre-print
RATA targets hybrid RA architectures (implemented as Hardware/Software co-designs), which are aimed at low-end embedded devices.  ...  We propose Remote Attestation with TOCTOU Avoidance (RATA): a provably secure approach to address the RA TOCTOU problem.  ...  We overview VRASED next. VRASED is a formally verified hybrid RA architecture, based on a hardware/software co-design.  ... 
arXiv:2005.03873v2 fatcat:oewjkublwfgzpl4h773d5lu5q4

Remote Attestation: A Literature Review [article]

Alexander Sprogø Banks, Marek Kisiel, Philip Korsholm
2021 arXiv   pre-print
We will describe and evaluate the state-of-the-art for remote attestation, which covers singular attestation of devices as well as newer research in the area of formally verified RA protocols, swarm attestation  ...  Remote attestation (RA) is a distinct security service that allows a remote verifer to reason about the state of an untrusted remote prover (device).  ...  Hybrid attestation Hybrid remote attestation is a hardware/software co-design that is based on a minimal trust anchor.  ... 
arXiv:2105.02466v2 fatcat:wpzlezruovat5c35b465xkzb44

GAROTA: Generalized Active Root-Of-Trust Architecture [article]

Esmerald Aliaj, Ivan De Oliveira Nunes, Gene Tsudik
2021 arXiv   pre-print
In this paper, we set out to systematically design a minimal active RoT for tiny low-end MCU-s.  ...  We believe that GAROTA is the first clean-slate design of an active RoT for low-end MCU-s. We show how GAROTA guarantees that even a fully software-compromised low-end MCU performs a desired action.  ...  Conclusions This paper motivated and illustrated the design of GAROTA: an active RoT targeting low-end MCU-s used as platforms for embedded/IoT/CPS devices that perform safety-critical sens-ing and actuation  ... 
arXiv:2102.07014v2 fatcat:helml3iha5hormoq5eo3ubqdoq

Towards a standards-compliant pure-software trusted execution environment for resource-constrained embedded devices

Hassaan Janjua, Mahmoud Ammar, Bruno Crispo, Danny Hughes
2019 Proceedings of the 4th Workshop on System Software for Trusted Execution - SysTEX '19  
In this paper, we take a first step towards providing a pure-software Trusted Execution Environment (TEE) for resource-constrained embedded devices that lack basic hardwarebased security features, such  ...  Our implementation and evaluation results demonstrate the feasibility of implementing a standards-compliant software-based TEE for low-end embedded devices without hardware support or modification that  ...  In particular, we consider the properties of VRASED [22] , a formally-verified hardware/software co-design for architectures that would provide dynamic root of trust through remote attestation.  ... 
doi:10.1145/3342559.3365338 dblp:conf/sosp/JanjuaAC019 fatcat:yw5hl5yf35a45hhjnzwstep2m4

An Infrastructure for Faithful Execution of Remote Attestation Protocols [article]

Adam Petz, Perry Alexander
2020 arXiv   pre-print
Remote attestation is an emerging technology for establishing trust in a remote computing system.  ...  In this work we formally define and verify a Copland Compiler and Copland Virtual Machine for executing Copland protocols.  ...  VRASED (Verifiable Remote Attestation for Simple Embedded Devices) extended these ideas to a concrete RA design, becoming the first formal verification "of a HW/SW co-design implementation of any security  ... 
arXiv:2012.10511v1 fatcat:6pmyre4oavgg7kwhwk7mkoteza

Enclave Computing Paradigm: Hardware-assisted Security Architectures & Applications

Franz Ferdinand Peter Brasser
Hardware-assisted security solutions, and the isolation guarantees they provide, constitute the basis for the protection of modern software systems.  ...  The TEE solutions developed by industry and deployed in today's systems follow distinct design approaches and come with various limitations.  ...  SMART provides DRTM for embedded systems using a hardware/software codesign [139] .  ... 
doi:10.25534/tuprints-00011912 fatcat:2xf7ax7tcvbhrn76cdvcesfj6e