A practical approach for updating an integrity-enforced operating system

01/05/2021
by   Wojciech Ozga, et al.
0

Trusted computing defines how to securely measure, store, and verify the integrity of software controlling a computer. One of the major challenges that make them hard to be applied in practice is the issue with software updates. Specifically, an operating system update causes the integrity violation because it changes the well-known initial state trusted by remote verifiers, such as integrity monitoring systems. Consequently, the integrity monitoring of remote computers becomes unreliable due to the high amount of false positives. We address this problem by adding an extra level of indirection between the operating system and software repositories. We propose a trusted software repository (TSR), a secure proxy that overcomes the shortcomings of previous approaches by sanitizing software packages. Sanitization consists of modifying unsafe installation scripts and adding digital signatures in a way software packages can be installed in the operating system without violating its integrity. TSR leverages shielded execution, i.e., Intel SGX, to achieve confidentiality and integrity guarantees of the sanitization process. TSR is transparent to package managers, and requires no changes in the software packages building and distributing processes. Our evaluation shows that running TSR inside SGX is practical; since it induces only  1.18X performance overhead during package sanitization compared to the native execution without SGX. TSR supports 99.76 Alpine Linux while increasing the total repository size by 3.6

READ FULL TEXT

page 1

page 2

page 3

page 4

page 5

page 8

page 11

research
02/11/2016

Package equivalence in complex software network

The public package registry npm is one of the biggest software registry....
research
02/28/2022

Practical Automated Detection of Malicious npm Packages

The npm registry is one of the pillars of the JavaScript and TypeScript ...
research
05/12/2022

Synergia: Hardening High-Assurance Security Systems with Confidential and Trusted Computing

High-assurance security systems require strong isolation from the untrus...
research
06/26/2023

SoK: A Systematic Review of TEE Usage for Developing Trusted Applications

Trusted Execution Environments (TEEs) are a feature of modern central pr...
research
03/05/2021

Update the Root of Integrity Tree in Secure Non-Volatile Memory Systems with Low Overhead

Data integrity is important for non-volatile memory (NVM) systems that m...
research
02/08/2023

Parma: Confidential Containers via Attested Execution Policies

Container-based technologies empower cloud tenants to develop highly por...
research
05/15/2019

Autonomous Membership Service for Enclave Applications

Trusted Execution Environment, or enclave, promises to protect data conf...

Please sign up or login with your details

Forgot password? Click here to reset