Check out the new USENIX Web site. next up previous
Next: Conclusions Up: Design and Implementation of Previous: Implementation and Usability Aspects


Our architecture is non-intrusive and does not prevent systems from running malicious programs. However, we modify our approach to enforce security as well. In this case, we pre-load the measurement cache with a set of expected fingerprints for trusted programs. The measurement call then fingerprints the file to be measured and compares it to the set of expected fingerprints. If the fingerprint does not match any of them, it aborts the load and reports the illegal fingerprint. Note that the attesting system's enforcement requirements may be different than those of the challenger, so the challenger still needs to perform a validation.

Our measurement architecture is not restricted to measuring executable code. Adding measurement hooks into applications, we can include structured input data, such as configuration files and java classes, into our measurements. Changes are simple-instrumenting applications, such as Apache or the Java classloader, means adding a measurement call before loading relevant files.

In order to establish confidence in a system, privacy is impacted by our approach. The attestation protocol releases detailed information of the attesting system to allow challengers or trusted third parties to establish trust. However, the attesting system has full control over the release of this information, and can run code that it trusts not to release such information. Also, a system agent could be configured to release attestations to authenticated challengers and the operating system could only provide quotes to that agent.

Inducing frequent changes in loaded executable files can cause the measurement list to grow beyond practical limits, resulting in a denial of service attack. To prevent this attack, a maximum length of the measurement list can be configured. Any additional measurement is aggregated into the TPM-protected PCR register, but the measurement is not stored in the kernel. Consequently, a system that exceeds this maximum number of measurements will not be able to successfully convince challenging parties of its integrity because the measurement list will not validate against the aggregate any more.

next up previous
Next: Conclusions Up: Design and Implementation of Previous: Implementation and Usability Aspects
sailer 2004-05-18