Enforcing executing-implies-verified with the integrity-aware processor

Michael LeMay; Carl A. Gunter

doi:10.1007/978-3-642-21599-5_15

Enforcing executing-implies-verified with the integrity-aware processor

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Malware often injects and executes new code to infect hypervisors, OSs and applications. Such malware infections can be prevented by checking all code against a whitelist before permitting it to execute. The eXecuting Implies Verified Enforcer (XIVE) is a distributed system in which a kernel on each target system consults a server called the approver to verify code on-demand. We propose a new hardware mechanism to isolate the XIVE kernel from the target host. The Integrity-Aware Processor (IAP) that embodies this mechanism is based on a SPARC soft-core for an FPGA and provides high performance, high compatibility with target systems and flexible invocation options to ensure visibility into the target system. This facilitates the development of a very small trusted computing base.

Original language	English (US)
Title of host publication	Trust and Trustworthy Computing - 4th International Conference, TRUST 2011, Proceedings
Publisher	Springer
Pages	202-216
Number of pages	15
ISBN (Print)	9783642215988
DOIs	https://doi.org/10.1007/978-3-642-21599-5_15
State	Published - 2011

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	6740 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

Online availability

10.1007/978-3-642-21599-5_15

Library availability

Discover UIUC Full Text

Cite this

LeMay, M., & Gunter, C. A. (2011). Enforcing executing-implies-verified with the integrity-aware processor. In Trust and Trustworthy Computing - 4th International Conference, TRUST 2011, Proceedings (pp. 202-216). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6740 LNCS). Springer. https://doi.org/10.1007/978-3-642-21599-5_15

Enforcing executing-implies-verified with the integrity-aware processor. / LeMay, Michael; Gunter, Carl A.
Trust and Trustworthy Computing - 4th International Conference, TRUST 2011, Proceedings. Springer, 2011. p. 202-216 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6740 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

LeMay, M & Gunter, CA 2011, Enforcing executing-implies-verified with the integrity-aware processor. in Trust and Trustworthy Computing - 4th International Conference, TRUST 2011, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 6740 LNCS, Springer, pp. 202-216. https://doi.org/10.1007/978-3-642-21599-5_15

LeMay M, Gunter CA. Enforcing executing-implies-verified with the integrity-aware processor. In Trust and Trustworthy Computing - 4th International Conference, TRUST 2011, Proceedings. Springer. 2011. p. 202-216. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-642-21599-5_15

@inproceedings{93c311fcbd3e45e1ad57dd89894964b9,

title = "Enforcing executing-implies-verified with the integrity-aware processor",

abstract = "Malware often injects and executes new code to infect hypervisors, OSs and applications. Such malware infections can be prevented by checking all code against a whitelist before permitting it to execute. The eXecuting Implies Verified Enforcer (XIVE) is a distributed system in which a kernel on each target system consults a server called the approver to verify code on-demand. We propose a new hardware mechanism to isolate the XIVE kernel from the target host. The Integrity-Aware Processor (IAP) that embodies this mechanism is based on a SPARC soft-core for an FPGA and provides high performance, high compatibility with target systems and flexible invocation options to ensure visibility into the target system. This facilitates the development of a very small trusted computing base.",

author = "Michael LeMay and Gunter, {Carl A.}",

note = "Funding Information: Acknowledgments. This work was supported in part by DOE DE-OE0000097, HHS 90TR0003-01, NSF CNS 09-64392, NSF CNS 09-17218, NSF CNS 07-16626, NSF CNS 07-16421, NSF CNS 05-24695, and grants from the MacArthur Foundation, and Lockheed Martin Corporation. The views expressed are those of the authors only. We thank Samuel T. King and the anonymous reviewers for their helpful feedback. We measured lines of code using David A. Wheeler{\textquoteright}s {\textquoteright}SLOC-Count{\textquoteright}. Funding Information: This work was supported in part by DOE DE-OE0000097, HHS 90TR0003-01, NSF CNS 09-64392, NSF CNS 09-17218, NSF CNS 07-16626, NSF CNS 07-16421, NSF CNS 05-24695, and grants from the MacArthur Foundation, and Lockheed Martin Corporation. The views expressed are those of the authors only. We thank Samuel T. King and the anonymous reviewers for their helpful feedback. We measured lines of code using David A. Wheeler{\textquoteright}s {\textquoteright}SLOC-Count{\textquoteright}.",

year = "2011",

doi = "10.1007/978-3-642-21599-5_15",

language = "English (US)",

isbn = "9783642215988",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "202--216",

booktitle = "Trust and Trustworthy Computing - 4th International Conference, TRUST 2011, Proceedings",

address = "Germany",

}

TY - GEN

T1 - Enforcing executing-implies-verified with the integrity-aware processor

AU - LeMay, Michael

AU - Gunter, Carl A.

N1 - Funding Information: Acknowledgments. This work was supported in part by DOE DE-OE0000097, HHS 90TR0003-01, NSF CNS 09-64392, NSF CNS 09-17218, NSF CNS 07-16626, NSF CNS 07-16421, NSF CNS 05-24695, and grants from the MacArthur Foundation, and Lockheed Martin Corporation. The views expressed are those of the authors only. We thank Samuel T. King and the anonymous reviewers for their helpful feedback. We measured lines of code using David A. Wheeler’s ’SLOC-Count’. Funding Information: This work was supported in part by DOE DE-OE0000097, HHS 90TR0003-01, NSF CNS 09-64392, NSF CNS 09-17218, NSF CNS 07-16626, NSF CNS 07-16421, NSF CNS 05-24695, and grants from the MacArthur Foundation, and Lockheed Martin Corporation. The views expressed are those of the authors only. We thank Samuel T. King and the anonymous reviewers for their helpful feedback. We measured lines of code using David A. Wheeler’s ’SLOC-Count’.

PY - 2011

Y1 - 2011

N2 - Malware often injects and executes new code to infect hypervisors, OSs and applications. Such malware infections can be prevented by checking all code against a whitelist before permitting it to execute. The eXecuting Implies Verified Enforcer (XIVE) is a distributed system in which a kernel on each target system consults a server called the approver to verify code on-demand. We propose a new hardware mechanism to isolate the XIVE kernel from the target host. The Integrity-Aware Processor (IAP) that embodies this mechanism is based on a SPARC soft-core for an FPGA and provides high performance, high compatibility with target systems and flexible invocation options to ensure visibility into the target system. This facilitates the development of a very small trusted computing base.

AB - Malware often injects and executes new code to infect hypervisors, OSs and applications. Such malware infections can be prevented by checking all code against a whitelist before permitting it to execute. The eXecuting Implies Verified Enforcer (XIVE) is a distributed system in which a kernel on each target system consults a server called the approver to verify code on-demand. We propose a new hardware mechanism to isolate the XIVE kernel from the target host. The Integrity-Aware Processor (IAP) that embodies this mechanism is based on a SPARC soft-core for an FPGA and provides high performance, high compatibility with target systems and flexible invocation options to ensure visibility into the target system. This facilitates the development of a very small trusted computing base.

UR - http://www.scopus.com/inward/record.url?scp=85037362307&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85037362307&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-21599-5_15

DO - 10.1007/978-3-642-21599-5_15

M3 - Conference contribution

AN - SCOPUS:85037362307

SN - 9783642215988

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 202

EP - 216

BT - Trust and Trustworthy Computing - 4th International Conference, TRUST 2011, Proceedings

PB - Springer

ER -

Enforcing executing-implies-verified with the integrity-aware processor

Abstract

Publication series

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this