
Authentic Execution of Distributed Event-Driven Applications with a Small TCB

Conference paper in: Security and Trust Management (STM 2017)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10547)

Abstract

This paper presents an approach to provide strong assurance of the secure execution of distributed event-driven applications on shared infrastructures, while relying on a small Trusted Computing Base. We build upon and extend security primitives provided by a Protected Module Architecture (PMA) to guarantee authenticity and integrity properties of applications, and to secure control of input and output devices used by these applications. More specifically, we want to guarantee that if an output is produced by the application, it was allowed to be produced by the application’s source code. We present a prototype implementation as an extension of Sancus, a lightweight embedded PMA that extends the TI MSP430 CPU. Our evaluation of the security and performance aspects of our approach and the prototype shows that PMAs together with our programming model form a basis for powerful security architectures for dependable systems in domains such as Industrial Control Systems, the Internet of Things or Wireless Sensor Networks.



Acknowledgements

This research is partially funded by the Research Fund KU Leuven.

Author information

Correspondence to Jan Tobias Mühlberg.


Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Noorman, J., Mühlberg, J.T., Piessens, F. (2017). Authentic Execution of Distributed Event-Driven Applications with a Small TCB. In: Livraga, G., Mitchell, C. (eds) Security and Trust Management. STM 2017. Lecture Notes in Computer Science, vol. 10547. Springer, Cham. https://doi.org/10.1007/978-3-319-68063-7_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-68063-7_4


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-68062-0

  • Online ISBN: 978-3-319-68063-7

  • eBook Packages: Computer Science (R0)
