Externally-verifiable Code Execution
Computing systems today are under attack from a wide variety of malware: user- and kernel-level rootkits, worms and viruses, and spyware. Increased network connectivity, remotely exploitable vulnerabilities in software, and the ready availability of know-how and tools for malware development make it easy for attackers to compromise system software and introduce malware. Malware is not limited to application programs and operating systems; even device-level firmware is not spared, as the CIH (Chernobyl) virus demonstrated by overwriting the flash BIOS of infected PCs. We conjecture that the only reason device-level firmware is not targeted more widely is that there is plenty of lower-hanging fruit in application software and operating system kernels. Attackers use malware to tamper with the execution of the software we rely on in order to steal private information, compromising our privacy and safety in the process. Given this state of affairs, we need assurance that the software we use is not tampered with by any malware that may be present; such an assurance lets us use our computing devices with confidence.
The goal of our research is to build a primitive that provides the
guarantee of "verifiable code execution" on a computing system to an
external verifier. That is, the verifier obtains an assurance that the
execution of an arbitrary piece of code on a computing system cannot
be tampered with by any malware that may be present on the computing
system. Our work encompasses a variety of computing systems ranging
from tiny embedded systems like sensor nodes to personal computing
devices like cell-phones to network servers.
Pioneer: Verifiable Code Execution on Legacy Systems
Pioneer is our first step toward externally-verifiable code execution on legacy computing systems. We define legacy computing systems as those without secure co-processors such as the Trusted Platform Module (TPM) and without CPU-based security technologies such as Intel's LaGrande Technology or AMD's Pacifica and Presidio. Using Pioneer, an external verifier obtains the guarantee that the execution of an arbitrary piece of code on a legacy computing system is not tampered with by any malware that may be present. In particular, the verifier is assured that pre-existing malware cannot modify the code image, invoke alternate (malicious) code in its place, or modify the execution state of the code while it runs. We have implemented Pioneer on the Intel Pentium IV Xeon processor with 64-bit extensions.
Papers
Arvind Seshadri, Mark Luk, Elaine Shi, Adrian Perrig, Leendert van Doorn and Pradeep Khosla.
"Pioneer: Verifying Code Integrity and Enforcing Untampered Code Execution on Legacy Systems."
20th ACM Symposium on Operating Systems Principles (SOSP 2005).
[ PDF ]
Arvind Seshadri, Mark Luk, Adrian Perrig, Leendert van Doorn and Pradeep Khosla.
"Externally Verifiable Code Execution."
Communications of the ACM, 49(9):45-49, September 2006.
[ PDF ]
Talks
Invited talk. Arvind Seshadri. "Pioneer: Dynamic Root of Trust for Measurement and Verifiable Executable Invocation." 2005 Intel Security Workshop (ISW 05) (July 28, 2005). [ PDF ]
SOSP 2005 (October 24, 2005). [ PDF ]
Source Code
Download source code here.
SAKE: Software Attestation for Key Establishment in Sensor Networks
SAKE is a protocol for establishing a shared key between any two neighboring nodes of a sensor network. SAKE guarantees the secrecy and authenticity of the established key without requiring any prior authentic or secret information in either node: the attacker may have read and modified the entire memory contents of both nodes before SAKE executes. To the best of our knowledge, SAKE is therefore the only protocol that can re-establish keys after sensor nodes have been compromised, because the presence of attacker code in the memory of either node does not compromise its security. The attacker may also mount any active or passive attack using an arbitrary number of malicious, colluding nodes. SAKE requires no hardware modification to the sensor nodes, no human mediation, and no secure side channels. We do, however, assume a computationally limited attacker that does not introduce its own computationally powerful nodes into the sensor network.
SAKE is based on our software-based verifiable code execution primitive ICE (Indisputable Code Execution), which dynamically establishes a trusted execution environment on a remote, untrusted sensor node.
Papers
Arvind Seshadri, Mark Luk, and Adrian Perrig.
"SAKE: Software Attestation for Key Establishment in Sensor Networks."
2008 International Conference on Distributed Computing in Sensor Systems (DCOSS 2008).
[ PDF ]
SCUBA: Secure Code Updates by Attestation in Sensor Networks
SCUBA (Secure Code Updates by Attestation in Sensor Networks) is a protocol for detecting and recovering compromised nodes in sensor networks. SCUBA enables the design of a sensor network that detects compromised nodes without false negatives and then either repairs them through code updates or revokes them. To our knowledge it is the first approach to automatic recovery of compromised sensor nodes, and as such a promising basis for designing secure sensor networks. SCUBA is based on ICE (Indisputable Code Execution), a primitive we introduce to dynamically establish a trusted code base on a remote, untrusted sensor node.
Papers
Arvind Seshadri, Mark Luk, Adrian Perrig, Leendert van Doorn, and Pradeep Khosla.
"SCUBA: Secure Code Update By Attestation in Sensor Networks."
ACM Workshop on Wireless Security (WiSe), September 2006.
[ PDF ]
Talks
WiSe 2006 (September 29, 2006). [ PDF ]
SWATT: Software-based Attestation for Embedded Systems
SWATT provides attestation: it allows an external verifier to establish the absence of malicious changes to the memory contents of an embedded device. It is designed for embedded devices built on simple 8- and 16-bit CPUs. SWATT requires neither physical access to the device's memory nor hardware extensions such as secure co-processors; it is entirely software-based.
SWATT provides an equality check on memory contents. This property alone is insufficient for the guarantee of verifiable code execution, because an attacker can modify the code between the time it is checked and the time it is invoked for execution. This is the time-of-check-to-time-of-use (TOCTTOU) attack, which Pioneer addresses.
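The following is an added illustration, not code from the SWATT or Pioneer papers, of the verifier-side logic that both projects above rely on: a fresh nonce from the verifier, a checksum computed over the device's memory in a nonce-determined pseudo-random order, and a check of both the checksum value and the time the device took. It then models the TOCTTOU gap described above (a bare equality check followed by a separate invocation) next to the Pioneer-style alternative of transferring control from the verified environment directly to the code. The firmware images, the checksum function, the device classes and the per-read cost model (a stand-in for wall-clock timing, so the example is deterministic) are all constructed for this example and are not the published designs.

```python
"""Model of the software-based attestation used by SWATT and Pioneer: the
verifier sends a fresh nonce, the device checksums its memory in a
nonce-determined pseudo-random order, and the verifier checks both the value
and the time taken.  The tail shows the TOCTTOU gap of a bare equality check
and the Pioneer-style fix of invoking the code from the verified environment.
Constructed illustration, not the published Pioneer/SWATT code: the images,
the checksum function and the per-read cost model (standing in for
wall-clock timing) are made up for this example."""
import hashlib

IMAGE_SIZE = 256
GOOD_IMAGE = bytes((i * 7 + 3) & 0xFF for i in range(IMAGE_SIZE))  # verifier's copy
MALICIOUS_IMAGE = (GOOD_IMAGE[:64] + bytes(b ^ 0x5A for b in GOOD_IMAGE[64:96])
                   + GOOD_IMAGE[96:])           # bytes 64..95 replaced by "malware"
CODE = slice(64, 96)                            # region holding the code to run

def address_stream(nonce):
    """xorshift64 keyed by the nonce: the device cannot know which addresses
    will be read, or in what order, until the nonce arrives."""
    state = int.from_bytes(hashlib.sha256(nonce).digest()[:8], "big") or 1
    mask = (1 << 64) - 1
    while True:
        state ^= (state << 13) & mask
        state ^= state >> 7
        state ^= (state << 17) & mask
        yield state

def checksum(read, nonce, iterations):
    """Mix one byte from a pseudo-random address into a 32-bit running
    checksum per iteration; `read(addr)` is the device's memory primitive."""
    c, stream = 0x9E3779B9, address_stream(nonce)
    for _ in range(iterations):
        r = next(stream)
        addr = r % IMAGE_SIZE
        c = (c + read(addr) + (r & 0xFF)) & 0xFFFFFFFF
        c = ((c << 5) | (c >> 27)) & 0xFFFFFFFF   # rotate so read order matters
        c ^= addr
    return c

class HonestDevice:
    """Unmodified device: one unit of cost per memory read."""
    def __init__(self, image):
        self.mem, self.cost = bytearray(image), 0

    def read(self, addr):
        self.cost += 1
        return self.mem[addr]

    def os_schedules(self):        # nothing malicious runs between check and use
        pass

class MemoryCopyAttacker(HonestDevice):
    """Malware lives in [lo, hi); the original bytes are kept aside and reads of
    that range are redirected.  The checksum comes out right, but every read
    now carries a range check, which the timing bound exposes."""
    def __init__(self, lo, hi):
        super().__init__(MALICIOUS_IMAGE)
        self.saved, self.lo, self.hi = GOOD_IMAGE, lo, hi

    def read(self, addr):
        self.cost += 2                      # load plus compare-and-branch
        if self.lo <= addr < self.hi:
            self.cost += 1                  # extra load from the saved copy
            return self.saved[addr]
        return self.mem[addr]

class ToctouAttacker(HonestDevice):
    """Shows a clean image while being checked (value and timing both pass)
    and re-installs its code as soon as it regains control."""
    def __init__(self):
        super().__init__(GOOD_IMAGE)

    def os_schedules(self):
        self.mem[CODE] = MALICIOUS_IMAGE[CODE]

def verify(device, nonce, iterations=4096, slack=0.05):
    """Verifier: recompute the expected checksum from the known-good image and
    accept only if the value matches AND the device's cost is within `slack`
    of an honest device's (one unit per read)."""
    expected = checksum(GOOD_IMAGE.__getitem__, nonce, iterations)
    device.cost = 0
    got = checksum(device.read, nonce, iterations)
    return got == expected and device.cost <= iterations * (1 + slack)

def check_then_invoke(device, nonce):
    """Equality check used naively: attest, return control to the untrusted
    OS, then invoke.  Returns the bytes that would actually execute."""
    if not verify(device, nonce):
        return None
    device.os_schedules()                   # the TOCTTOU window
    return bytes(device.mem[CODE])

def verified_invoke(device, nonce):
    """Pioneer-style: control goes from the verified environment straight to
    the executable, so untrusted code gets no chance to run in between."""
    if not verify(device, nonce):
        return None
    return bytes(device.mem[CODE])
```

The memory-copy attacker produces exactly the expected checksum, so the equality check alone accepts it; only the cost bound (the timing check in the real protocols) rejects it. The TOCTTOU attacker passes both checks, which is why `check_then_invoke` ends up running the malicious bytes while `verified_invoke` runs the verified ones. The cost model deliberately ignores network latency and the hand-optimised assembly that the papers use to make the honest device's timing tight; those are what make the timing bound workable in practice.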
Papers
Arvind Seshadri, Adrian Perrig, Leendert van Doorn, and Pradeep Khosla.
"SWATT: SoftWare-based ATTestation for Embedded Devices."
2004 IEEE Symposium on Security and Privacy.
[ PDF ]
Arvind Seshadri, Adrian Perrig, Leendert van Doorn, and Pradeep Khosla.
"Using SWATT for Verifying Embedded Systems in Cars."
2004 Embedded Security in Cars Workshop (escar 2004).
[ PDF ]
Talks
2004 IEEE Symposium on Security and Privacy (May 12, 2004). [ PDF ]
escar 2004 (November 10, 2004). [ PDF ]