High-assurance security systems require strong isolation from the untrusted world to protect the security-sensitive or privacy-sensitive data they process. Existing regulations require such systems to execute in a trustworthy operating system (OS) to ensure they are not collocated with untrusted software that might negatively impact their availability or security. However, existing techniques for attesting to OS integrity fall short because of the cuckoo attack. We present and formally prove a novel defense against this attack. We implement it as part of an integrity monitoring and enforcement system that attests to the remote OS integrity 3.7× to 8.5× faster than existing integrity monitoring systems. We demonstrate its practicality by protecting a real-world eHealth application and by performing micro- and macro-benchmarks.
Wojciech Ozga, Technische Universität Dresden
Rasha Faqeh, Technische Universität Dresden
Do Le Quoc, Huawei Research
Franz Gregor, Scontain
Silvio Dragone, IBM Research Europe
Christof Fetzer, Technische Universität Dresden
ACM/SIGAPP Symposium on Applied Computing