Visible to the public Quantitative Analysis of Measurement Overhead for Integrity Verification

TitleQuantitative Analysis of Measurement Overhead for Integrity Verification
Publication TypeConference Paper
Year of Publication2017
AuthorsSon, Juhyung, Koo, Sungmin, Choi, Jongmoo, Choi, Seong-je, Baek, Seungjae, Jeon, Gwangil, Park, Jun-Hyeok, Kim, Hyoungchun
Conference NameProceedings of the Symposium on Applied Computing
PublisherACM
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-4486-9
Keywordsbatch extend, Collaboration, core measurement, integrity, measurement overhead, policy, Policy Based Governance, policy-based governance, pubcrawl, verification
Abstract

As the use of cloud computing and autonomous computing increases, integrity verification of the software stack used in a system becomes a critical issue. In this paper, we analyze the internal behavior of IMA (Integrity Measurement Architecture), one of the most well-known integrity verification frameworks employed in the Linux kernel. For integrity verification, IMA measures all executables and their configuration files in a trusty manner using TPM (Trust Platform Module). Our analysis reveals that there are two obstacles in IMA, measurement overhead and nondeterminism. To address these problems, we propose two novel techniques, called batch extend and core measurement. The former is a technique that accumulates the measured values of executables/files and extends them into TPM in a batch fashion. The second technique measures some specified executables/files only so that it verifies the core integrity of a system in which a user or a remote party is interested. Real implementation based evaluation shows that our proposal can reduce the booting time from 122 to 23 seconds, while supporting the same integrity verification capability of the default IMA policy.

URLhttp://doi.acm.org/10.1145/3019612.3019738
DOI10.1145/3019612.3019738
Citation Keyson_quantitative_2017