Architecture support for dynamic integrity checking

Arun K. Kanuparthi, Mohamed Zahran, Ramesh Karri

Research output: Contribution to journalArticle

Abstract

A trusted platform module (TPM) enhances the security of general purpose computer systems by authenticating the platform at boot time. Security can often be compromised due to the presence of vulnerabilities in the trusted software that is executed on the system. Existing TPM architectures do not support runtime integrity checking and this allows attackers to exploit these vulnerabilities to modify the program after it has been verified (at time of check or TOC) but before the time of its use (at time of use or TOU) to trigger unintended program behavior, such as the execution of malicious code or the leaking of sensitive data. In this paper, we present a dynamic integrity checker (DIC) to improve security by thwarting TOCTOU attacks. The paper makes four contributions. First, we show how to integrate the integrity checker module with a superscalar pipeline. Second, we present an architecture for dynamic integrity checking by monitoring the dynamic execution traces of the program. Third, we present several optimizations to reduce performance impact without compromising the security of the system. Finally, we evaluate the proposed scheme using a cycle-accurate simulator. Results indicate that the proposed technique enhances security against the TOCTOU attacks with 8% performance overhead and 2.52% area overhead over a baseline processor.

Original languageEnglish (US)
Article number6008639
Pages (from-to)321-332
Number of pages12
JournalIEEE Transactions on Information Forensics and Security
Volume7
Issue number1 PART 2
DOIs
StatePublished - Feb 2012

Fingerprint

General purpose computers
Computer systems
Pipelines
Simulators
Monitoring
Hardware security

Keywords

  • computer architecture
  • computer security
  • Computers and information processing

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality

Cite this

Architecture support for dynamic integrity checking. / Kanuparthi, Arun K.; Zahran, Mohamed; Karri, Ramesh.

In: IEEE Transactions on Information Forensics and Security, Vol. 7, No. 1 PART 2, 6008639, 02.2012, p. 321-332.

Research output: Contribution to journalArticle

Kanuparthi, Arun K. ; Zahran, Mohamed ; Karri, Ramesh. / Architecture support for dynamic integrity checking. In: IEEE Transactions on Information Forensics and Security. 2012 ; Vol. 7, No. 1 PART 2. pp. 321-332.
@article{0e55df6b1fb44a6c88962fba206386e8,
title = "Architecture support for dynamic integrity checking",
abstract = "A trusted platform module (TPM) enhances the security of general purpose computer systems by authenticating the platform at boot time. Security can often be compromised due to the presence of vulnerabilities in the trusted software that is executed on the system. Existing TPM architectures do not support runtime integrity checking and this allows attackers to exploit these vulnerabilities to modify the program after it has been verified (at time of check or TOC) but before the time of its use (at time of use or TOU) to trigger unintended program behavior, such as the execution of malicious code or the leaking of sensitive data. In this paper, we present a dynamic integrity checker (DIC) to improve security by thwarting TOCTOU attacks. The paper makes four contributions. First, we show how to integrate the integrity checker module with a superscalar pipeline. Second, we present an architecture for dynamic integrity checking by monitoring the dynamic execution traces of the program. Third, we present several optimizations to reduce performance impact without compromising the security of the system. Finally, we evaluate the proposed scheme using a cycle-accurate simulator. Results indicate that the proposed technique enhances security against the TOCTOU attacks with 8{\%} performance overhead and 2.52{\%} area overhead over a baseline processor.",
keywords = "computer architecture, computer security, Computers and information processing",
author = "Kanuparthi, {Arun K.} and Mohamed Zahran and Ramesh Karri",
year = "2012",
month = "2",
doi = "10.1109/TIFS.2011.2166960",
language = "English (US)",
volume = "7",
pages = "321--332",
journal = "IEEE Transactions on Information Forensics and Security",
issn = "1556-6013",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
number = "1 PART 2",

}

TY - JOUR

T1 - Architecture support for dynamic integrity checking

AU - Kanuparthi, Arun K.

AU - Zahran, Mohamed

AU - Karri, Ramesh

PY - 2012/2

Y1 - 2012/2

N2 - A trusted platform module (TPM) enhances the security of general purpose computer systems by authenticating the platform at boot time. Security can often be compromised due to the presence of vulnerabilities in the trusted software that is executed on the system. Existing TPM architectures do not support runtime integrity checking and this allows attackers to exploit these vulnerabilities to modify the program after it has been verified (at time of check or TOC) but before the time of its use (at time of use or TOU) to trigger unintended program behavior, such as the execution of malicious code or the leaking of sensitive data. In this paper, we present a dynamic integrity checker (DIC) to improve security by thwarting TOCTOU attacks. The paper makes four contributions. First, we show how to integrate the integrity checker module with a superscalar pipeline. Second, we present an architecture for dynamic integrity checking by monitoring the dynamic execution traces of the program. Third, we present several optimizations to reduce performance impact without compromising the security of the system. Finally, we evaluate the proposed scheme using a cycle-accurate simulator. Results indicate that the proposed technique enhances security against the TOCTOU attacks with 8% performance overhead and 2.52% area overhead over a baseline processor.

AB - A trusted platform module (TPM) enhances the security of general purpose computer systems by authenticating the platform at boot time. Security can often be compromised due to the presence of vulnerabilities in the trusted software that is executed on the system. Existing TPM architectures do not support runtime integrity checking and this allows attackers to exploit these vulnerabilities to modify the program after it has been verified (at time of check or TOC) but before the time of its use (at time of use or TOU) to trigger unintended program behavior, such as the execution of malicious code or the leaking of sensitive data. In this paper, we present a dynamic integrity checker (DIC) to improve security by thwarting TOCTOU attacks. The paper makes four contributions. First, we show how to integrate the integrity checker module with a superscalar pipeline. Second, we present an architecture for dynamic integrity checking by monitoring the dynamic execution traces of the program. Third, we present several optimizations to reduce performance impact without compromising the security of the system. Finally, we evaluate the proposed scheme using a cycle-accurate simulator. Results indicate that the proposed technique enhances security against the TOCTOU attacks with 8% performance overhead and 2.52% area overhead over a baseline processor.

KW - computer architecture

KW - computer security

KW - Computers and information processing

UR - http://www.scopus.com/inward/record.url?scp=84855926225&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84855926225&partnerID=8YFLogxK

U2 - 10.1109/TIFS.2011.2166960

DO - 10.1109/TIFS.2011.2166960

M3 - Article

VL - 7

SP - 321

EP - 332

JO - IEEE Transactions on Information Forensics and Security

JF - IEEE Transactions on Information Forensics and Security

SN - 1556-6013

IS - 1 PART 2

M1 - 6008639

ER -