Abstract
This article proposes a dynamic and flexible signature scheme to verify at runtime the execution of a distributed program. Extending [20], the approach relies on the analysis of a trace that represents such an execution using Control Flow Graph (CFG). This mechanism ensures the detection of flow faults that do not correspond to the CFG, i.e. that tamper the normal run of the application. Most effects of malicious code injection commonly met on distributed computing platforms such as grids are covered by this approach. The execution engine used in our signature scheme is certified with the TPM-based Certification of a Remote Resource (TCRR) protocol [5].
Our approach has been implemented in KAAPI,, a C++ middleware library to execute and schedule fine or medium size grain programs on distributed platforms. The concrete validation on two parallel programs (Fibonacci and NQueens) reveals the scalability of the approach and its relatively low overhead.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Abadi, M., Budiu, M., Erlingsson, Ú., Ligatti, J.: Control-flow integrity. In: CCS 2005: Proceedings of the 12th ACM Conference on Computer and Communications Security, pp. 340–353. ACM, New York (2005)
Aleph1. Smashing the stack for fun and profit. Phrack (49) (1996), http://www.phrack.org/phrack/49/P49-14
Allen, F.E.: Control flow analysis, 1–19 (July 1970)
Bertholon, B., Varrette, S., Bouvry, P.: The tcrr protocol to certify a remote machine. Technical report, http://certicloud.gforge.uni.lu/
Bertholon, B., Varrette, S., Bouvry, P.: Certicloud: a novel tpm-based approach to ensure cloud iaas security. In: Proc. of the 4th IEEE Intl. Conf. on Cloud Computing (CLOUD 2011), July 4–9, IEEE Computer Society, Washington DC (2011)
Christodorescu, M., Jha, S., Seshia, S.A., Song, D., Bryant, R.E.: Semantics-aware malware detection. In: Proceedings of the 2005 IEEE Symposium on Security and Privacy (Oakland 2005), Oakland, CA, USA, pp. 32–46 (May 2005)
Foster, I., Kesselman, C.: The Grid: Blueprint for a new Computing Infrastructure. Morgan Kaufman Publishers (1998)
Gansner, E.R., Koutsofios, E., North, S.C., Vo, K.-P.: A technique for drawing directed graphs. IEEE Trans. Software Eng. 19(3), 214–230 (1993)
Gautier, T., Besseron, X., Pigeon, L.: KAAPI: a Thread Scheduling Runtime System for Data Flow Computations on Cluster of Multi-Processors.. In: Workshop on Parallel Symbolic Computation 2007 (PASCO 2007). ACM, London (2007)
Haldar, V., Chandra, D., Franz, M.: Semantic remote attestation - virtual machine directed approach to trusted computing. In: Virtual Machine Research and Technology Symposium, pp. 29–41. USENIX (2004)
Hoos, H.H., Stützle, T.: Stochastic Local Seacrh Funcdations and Applications. Morgan Kaufmann (2005)
Jafar, S., Krings, A., Gautier, T.: Flexible rollback recovery in dynamic heterogeneous grid computing. IEEE TDSC 6(1) (January 2009)
Jafar, S., Varrette, S., Roch, J.-L.: Using Data-Flow Analysis for Resilence and Result Checking in Peer to Peer Computations. In: Proc. of the 1st Int. Workshop on Grid and Peer-to-Peer Computing Impacts on Large Scale Heterogeneous Distributed Database Systems (GLOBE 2004). IEEE Computer Society (September 2004)
Kirovski, D., Drinić, M., Potkonjak, M.: Enabling trusted software integrity. In: ASPLOS-X: Proc. of the 10th Intl. Conf. on Architectural Support for Programming Languages and Operating Systems, pp. 108–120. ACM, New York (2002)
McPeak, S., Necula, G.C.: Elkhound: A fast, practical GLR parser generator. In: Duesterwald, E. (ed.) CC 2004. LNCS, vol. 2985, pp. 73–88. Springer, Heidelberg (2004)
Milenković, M., Milenković, A., Jovanov, E.: A framework for trusted instruction execution via basic block signature verification. In: ACM-SE 42: Proceedings of the 42nd Annual Southeast Regional Conference. ACM (2004)
MOAIS Team. KAAPI (2005), http://kaapi.gforge.inria.fr/
Molnar, D.: The SETI@Home Problem (November 2000), http://www.acm.org/crossroads/columns/onpatrol/september2000.html
Necula, G.C., Lee, P.: Proof-Carrying Code. In: Proceedings of the ACM Symposium on Principles of Programming Languages, Paris, France (January 1997)
Oh, N., Shirvani, P.P., Mccluskey, E.J.: Control-flow checking by software signatures. IEEE Transactions on Reliability 51, 111–122 (2002)
Roch, J.-L., Varrette, S.: Probabilistic Certification of Divide & Conquer Algorithms on Global Computing Platforms. Application to Fault-Tolerant Exact Matrix-Vector Product. In: PPASCO 2007 (2007)
Weimer, W., Liblit, B., Foster, J., McPeak, S., Wilkerson, D., Nichols, J.: Elsa: The Elkhound-based C/C++ Parser
Stallman, R.M., et al.: Using GCC: The GNU Compiler Collection Ref Man. FSF (2005)
Takaken. The NQueens Problem, http://www.ic-net.or.jp/home/takaken/e/queen/
TCG. TCG Specification Architecture Overview – Rev 1.4. Technical report
Varrette, S.: Sécurité des Architectures de Calcul Distribué: Authentification et Certification de Résultats. PhD thesis, INP Grenoble and Universitédu Luxembourg (September 2007) (in French)
Varrette, S., Roch, J.-L., Duc, G., Keryell, R.: Building Secure Resources to Ensure Safe Computations in Distributed and Potentially Corrupted Environments. In: César, E., et al. (eds.) Euro-Par 2008. LNCS, vol. 5415, pp. 211–222. Springer, Heidelberg (2008)
Viega, J.: Cloud computing and the common man (2009)
Wagner, D., Dean, D.: Intrusion detection via static analysis. In: IEEE Symposium on Security and Privacy, pp. 156–168 (2001)
Wagner, D., Soto, P.: Mimicry attacks on host-based intrusion detection systems. In: CCS 2002: Proceedings of the 9th ACM Conference on Computer and Communications Security, pp. 255–264. ACM, New York (2002)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Varrette, S., Bertholon, B., Bouvry, P. (2012). A Signature Scheme for Distributed Executions Based on Control Flow Analysis. In: Bouvry, P., Kłopotek, M.A., Leprévost, F., Marciniak, M., Mykowiecka, A., Rybiński, H. (eds) Security and Intelligent Information Systems. SIIS 2011. Lecture Notes in Computer Science, vol 7053. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25261-7_7
Download citation
DOI: https://doi.org/10.1007/978-3-642-25261-7_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-25260-0
Online ISBN: 978-3-642-25261-7
eBook Packages: Computer ScienceComputer Science (R0)