Visible to the public Biblio

Filters: Keyword is TPMs  [Clear All Filters]
2019-03-11
Hoeller, A., Toegl, R..  2018.  Trusted Platform Modules in Cyber-Physical Systems: On the Interference Between Security and Dependability. 2018 IEEE European Symposium on Security and Privacy Workshops (EuroS PW). :136–144.

Cyber physical systems are the key innovation driver for many domains such as automotive, avionics, industrial process control, and factory automation. However, their interconnection potentially provides adversaries easy access to sensitive data, code, and configurations. If attackers gain control, material damage or even harm to people must be expected. To counteract data theft, system manipulation and cyber-attacks, security mechanisms must be embedded in the cyber physical system. Adding hardware security in the form of the standardized Trusted Platform Module (TPM) is a promising approach. At the same time, traditional dependability features such as safety, availability, and reliability have to be maintained. To determine the right balance between security and dependability it is essential to understand their interferences. This paper supports developers in identifying the implications of using TPMs on the dependability of their system.We highlight potential consequences of adding TPMs to cyber-physical systems by considering the resulting safety, reliability, and availability. Furthermore, we discuss the potential of enhancing the dependability of TPM services by applying traditional redundancy techniques.

2018-02-14
Wang, Frank, Joung, Yuna, Mickens, James.  2017.  Cobweb: Practical Remote Attestation Using Contextual Graphs. Proceedings of the 2Nd Workshop on System Software for Trusted Execution. :3:1–3:7.

In theory, remote attestation is a powerful primitive for building distributed systems atop untrusting peers. Unfortunately, the canonical attestation framework defined by the Trusted Computing Group is insufficient to express rich contextual relationships between client-side software components. Thus, attestors and verifiers must rely on ad-hoc mechanisms to handle real-world attestation challenges like attestors that load executables in nondeterministic orders, or verifiers that require attestors to track dynamic information flows between attestor-side components. In this paper, we survey these practical attestation challenges. We then describe a new attestation framework, named Cobweb, which handles these challenges. The key insight is that real-world attestation is a graph problem. An attestation message is a graph in which each vertex is a software component, and has one or more labels, e.g., the hash value of the component, or the raw file data, or a signature over that data. Each edge in an attestation graph is a contextual relationship, like the passage of time, or a parent/child fork() relationship, or a sender/receiver IPC relationship. Cobweb's verifier-side policies are graph predicates which analyze contextual relationships. Experiments with real, complex software stacks demonstrate that Cobweb's abstractions are generic and can support a variety of real-world policies.