Remote Attestation of Dynamic Software Stacks

Description

Remote attestation is essential for building trust between devices. It verifies that the remote system under test is in a proper state for predefined characteristics. In this area, two subcategories exist, which are static attestation and dynamic attestation. The former typically uses hash fingerprints of a system’s codebase at program initialization, whereas the latter has the aim to verify system properties during runtime. We investigate a concept for dynamic attestation which uses policies for call stack frames. We address the question to what degree the use of these policies enables us to attest a prepared program at any given time for any given state.

We analyze whether this approach is suitable to detect some common vulnerabilities, such as broken authorization, injections, and information disclosure. Furthermore, we discuss how the concept can be improved using architectural adaptations to improve its granularity to eventually detect any invalid flipping of single bits. For gathering practical insights, we implemented a prototype that receives and analyzes memory dumps of a simple blog service. We evaluate the cost, possible improvements, and trade-offs that are required for the proposed concepts to work. We find that the benefit of increased quality of remote attestation can be achieved, which leads to a higher level of trustworthiness for web services, at the cost of heavy software modification. Our results demonstrate how remote attestation of dynamic software stacks can improve the trustworthiness of the blog service as well as how the structure should be designed so that the remote attestation can benefit from the current security primitives.