Quantitative Analysis of Overhead for Integrity Verification

Title
Quantitative Analysis of Overhead for Integrity Verification
Alternative Title
Quantitative Analysis of Measurement Overhead for Integrity Verification
Author(s)
손주형; 구성민; 최종무; 조성제; 백승재; 전광일; 박준혁; 김형춘
KIOST Author(s)
Baek, Seung Jae(백승재)
Alternative Author(s)
백승재
Publication Year
2017-04-06
Abstract
As the use of cloud computing and autonomous computing increases, integrity verification of the software stack used in a system becomes a critical issue. In this paper, we analyze the internal behavior of IMA (Integrity Measurement Architecture), one of the most well-known integrity verification frameworks employed in the Linux kernel. For integrity verification, IMA measures all executables and their configuration files in a trusty manner using TPM (Trust Platform Module). Our analysis reveals that there are two obstacles in IMA, measurement overhead and nondeterminism. To address these problems, we propose two novel techniques, called batch extend and core measurement. The former is a technique that accumulates the measured values of executables/files and extends them into TPM in a batch fashion. The second technique measures some specified executables/files only so that it verifies the core integrity of a system in which a user or a remote party is interested. Real implementation based evaluation shows that our proposal can reduce the booting time from 122 to 23 seconds, while supporting the same integrity verification capability of the default IMA policy.
URI
https://sciwatch.kiost.ac.kr/handle/2020.kiost/24190
Bibliographic Citation
Symposium on Applied Computing, pp.1 - 6, 2017
Publisher
ACM
Type
Conference
Language
English