High-assurance security systems require strong isolation from the untrusted
world to protect the security-sensitive or privacy-sensitive data they process.
Existing regulations require that such systems execute in a trustworthy
operating system (OS) to ensure they are not co-located with untrusted software
that might negatively impact their availability or security. However, the
existing techniques to attest to the OS integrity fall short due to the cuckoo
attack. In this paper, we first show a novel defense mechanism against the
cuckoo attack, and we formally prove it. Then, we implement it as part of an
integrity monitoring and enforcement framework that attests to the
trustworthiness of the OS from 3.7x to 8.5x faster than the existing integrity
monitoring systems. We demonstrate its practicality by protecting the execution
of a real-world eHealth application, performing micro- and macro-benchmarks, and
assessing the security risk.