Detection

Reference:

  • Hw Monitor
  • Hardware-based monitoring technique that detects when the system calls of a sophisticated embedded operating system (e.g. Linux) deviate from their originally programmed behavior because of an attack. Verifying operation at the level of individual processor instructions lets the monitor detect any deviation almost instantaneously. Limiting the monitoring to a fraction of the operating-system code (the system calls) rather than the entire code base keeps the overhead low compared with other hardware monitoring approaches.

  • PRIMA
  • PRIMA: information-flow attestation, an extension of Linux IMA. It measures the code (as IMA does) and additionally measures which information flows are present among processes. It can attest Biba, Clark-Wilson and CW-Lite integrity; the CW-Lite attestation is proved. Implemented on SELinux. Information-flow policy examples: Biba integrity requires that a process receive no input of lower integrity than itself. LOMAC (Low-Water Mark integrity) requires that a process's integrity be lowered to that of the lowest-integrity input it receives.

  • Flicker
  • Flicker: about 250 lines of trusted code; no trust in the BIOS, OS or DMA-capable devices, only in the processor (AMD SVM or Intel TXT). Fine-grained attestation: e.g. the piece of server code that handles a client password can run without trusting any other part of the software stack from BIOS to OS; e.g. a Certificate Authority (CA) could sign certificates with its private key while keeping the key secret from a malicious BIOS, OS or DMA-enabled device. The use of Flicker itself can be attested.

  • Verifiable Code Execution
  • Pioneer: an untrusted computing platform can tamper with code execution in at least three ways: by modifying the code before invoking it, by executing alternate code, or by modifying execution state such as memory or registers while the code is running. Pioneer is a challenge-response protocol between a trusted verifier and the untrusted platform that gives assurance that: an arbitrary piece of code (the executable) on the untrusted platform is unmodified; the unmodified executable is invoked for execution on the untrusted platform; and the executable is executed untampered, despite the presence of malicious software on the untrusted platform.
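As an added illustration of the Hw Monitor bullet above (a simplified software model written for these notes, not the paper's design or code): the monitor holds the programmed instruction sequence of each system-call handler, compares every executed instruction of a monitored syscall against it, raises an alert at the first deviation, and ignores all instructions outside monitored syscalls, which is where the low overhead comes from. The addresses, mnemonics, syscall names and both traces are constructed sample data; a real implementation observes the processor's instruction stream in hardware rather than a Python event list.

```python
from typing import Any, Dict, List, Optional, Tuple

Instr = Tuple[int, str]   # (address, mnemonic): constructed abstraction of one executed instruction

# Reference model: the programmed instruction sequence of each monitored syscall handler.
# Constructed sample data; a real monitor would derive it from the compiled kernel image.
REFERENCE: Dict[str, List[Instr]] = {
    "sys_open": [
        (0x1000, "push rbp"),
        (0x1001, "mov rbp, rsp"),
        (0x1004, "call do_sys_open"),
        (0x1009, "pop rbp"),
        (0x100a, "ret"),
    ],
    "sys_write": [
        (0x2000, "push rbp"),
        (0x2001, "mov rbp, rsp"),
        (0x2004, "call vfs_write"),
        (0x2009, "pop rbp"),
        (0x200a, "ret"),
    ],
}


class SyscallMonitor:
    """Compares each instruction of a monitored syscall against the reference model."""

    def __init__(self, reference: Dict[str, List[Instr]]) -> None:
        self.reference = reference
        self.active: Optional[str] = None   # syscall currently being verified, if any
        self.pos = 0                         # index of the next expected instruction
        self.checked = 0                     # instructions actually compared (overhead measure)

    def on_syscall_entry(self, name: str) -> None:
        # Only syscalls present in the model are monitored; everything else runs unchecked.
        if name in self.reference:
            self.active, self.pos = name, 0

    def on_instruction(self, instr: Instr) -> Optional[str]:
        """Returns an alert string at the first deviating instruction, else None."""
        if self.active is None:
            return None                      # user code or unmonitored kernel code: no check
        self.checked += 1
        expected = self.reference[self.active][self.pos]
        if instr != expected:
            alert = (f"deviation in {self.active} at step {self.pos}: "
                     f"expected {expected}, observed {instr}")
            self.active = None               # stop checking this (already compromised) invocation
            return alert
        self.pos += 1
        if self.pos == len(self.reference[self.active]):
            self.active = None               # handler completed exactly as programmed
        return None


Event = Tuple[str, Any]   # ("syscall", name) or ("instr", Instr)


def analyze(events: List[Event]) -> Tuple[List[str], int]:
    """Runs a trace through a fresh monitor; returns (alerts, instructions_checked)."""
    mon = SyscallMonitor(REFERENCE)
    alerts: List[str] = []
    for kind, payload in events:
        if kind == "syscall":
            mon.on_syscall_entry(payload)
        else:
            alert = mon.on_instruction(payload)
            if alert is not None:
                alerts.append(alert)
    return alerts, mon.checked


def benign_trace() -> List[Event]:
    """Constructed trace: some user code, then sys_open running as programmed."""
    return ([("instr", (0x5000, "mov rax, 2")), ("instr", (0x5005, "syscall")),
             ("syscall", "sys_open")]
            + [("instr", i) for i in REFERENCE["sys_open"]]
            + [("instr", (0x5007, "test rax, rax"))])


def hooked_trace() -> List[Event]:
    """Constructed trace: the same syscall, but its call is redirected to injected code."""
    patched = list(REFERENCE["sys_open"])
    patched[2] = (0x1004, "call 0x9000")      # e.g. a rootkit's inline hook (constructed)
    return ([("syscall", "sys_open")]
            + [("instr", i) for i in patched]
            + [("instr", (0x9000, "push rax"))])


if __name__ == "__main__":
    print(analyze(benign_trace()))
    print(analyze(hooked_trace()))
```

The `checked` counter makes the overhead argument visible: in the benign trace only the five handler instructions are compared and the user-mode instructions around them cost nothing, while the hooked trace is flagged at the third instruction, before the injected code at 0x9000 ever runs.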
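As an added illustration of the integrity policies named in the PRIMA bullet (a toy model written for these notes, not PRIMA, IMA or SELinux code): integrity levels are three constructed integers, each measured input is a flow with a source label and a level, and `attest` plays the verifier deciding whether a process's measured flow history lets it be trusted at a required level under Biba, LOMAC or CW-Lite. The CW-Lite rule modelled here, that lower-integrity input is acceptable only through a declared filtering interface, is a simplification of the real CW-Lite model; the daemon, file and socket labels are constructed.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple

# Constructed integrity lattice: higher number = higher integrity.
UNTRUSTED, USER, SYSTEM = 0, 1, 2


@dataclass(frozen=True)
class Flow:
    """One measured information flow into a process (what PRIMA records next to IMA's code hashes)."""
    source: str   # label of the input, e.g. a file path or a socket
    level: int    # integrity level of that input


@dataclass(frozen=True)
class Process:
    name: str
    level: int                              # integrity level the process claims
    filters: FrozenSet[str] = frozenset()   # inputs it declares a CW-Lite filtering interface for


def biba_violations(proc: Process, flows: List[Flow]) -> List[str]:
    """Biba: a process must receive no input of lower integrity than itself."""
    return [f"{proc.name}@{proc.level} received {f.source}@{f.level}"
            for f in flows if f.level < proc.level]


def cw_lite_violations(proc: Process, flows: List[Flow]) -> List[str]:
    """CW-Lite (simplified): lower-integrity input is acceptable only through a declared filter."""
    return [f"{proc.name}@{proc.level} received unfiltered {f.source}@{f.level}"
            for f in flows if f.level < proc.level and f.source not in proc.filters]


def lomac_level(proc: Process, flows: List[Flow]) -> int:
    """LOMAC: the process's integrity sinks to the lowest-integrity input it has received."""
    level = proc.level
    for f in flows:
        level = min(level, f.level)
    return level


def attest(proc: Process, flows: List[Flow], policy: str, required: int) -> Tuple[bool, int, List[str]]:
    """Verifier's decision for a process that must be trusted at `required`.

    Returns (accepted, effective_level, violations). Under Biba and CW-Lite the claimed
    level stands but any violation rejects; under LOMAC nothing is a violation, the
    effective level simply drops and may no longer meet the requirement."""
    if policy == "biba":
        violations, effective = biba_violations(proc, flows), proc.level
    elif policy == "cw-lite":
        violations, effective = cw_lite_violations(proc, flows), proc.level
    elif policy == "lomac":
        violations, effective = [], lomac_level(proc, flows)
    else:
        raise ValueError(f"unknown policy: {policy}")
    return (not violations and effective >= required, effective, violations)


def sample_flows() -> List[Flow]:
    """Constructed flow history: a SYSTEM daemon reads its config, then a network socket."""
    return [Flow("/etc/daemon.conf", SYSTEM), Flow("net:tcp/22", UNTRUSTED)]


if __name__ == "__main__":
    daemon = Process("daemon", SYSTEM)
    for policy in ("biba", "lomac", "cw-lite"):
        print(policy, attest(daemon, sample_flows(), policy, SYSTEM))
    filtered = Process("daemon", SYSTEM, filters=frozenset({"net:tcp/22"}))
    print("cw-lite with filter", attest(filtered, sample_flows(), "cw-lite", SYSTEM))
```

The same flow history produces three different verdicts: Biba rejects the daemon outright because it read the socket, LOMAC does not reject but reports the daemon's effective integrity as UNTRUSTED so it fails a SYSTEM requirement, and CW-Lite accepts it once the socket read goes through a declared filtering interface. That is the distinction the verifier learns from PRIMA's flow measurements that plain IMA code measurement cannot express.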

Created Aug 12, 2019 // Last Updated May 18, 2021
