Compact integrity-aware architectures
LeMay, Michael D.
Permalink
https://hdl.handle.net/2142/26037
Description
- Title
- Compact integrity-aware architectures
- Author(s)
- LeMay, Michael D.
- Issue Date
- 2011-08-25T22:10:07Z
- Director of Research (if dissertation) or Advisor (if thesis)
- Gunter, Carl A.
- Doctoral Committee Chair(s)
- Gunter, Carl A.
- Committee Member(s)
- Adve, Sarita V.
- King, Samuel T.
- Neumann, Peter G.
- Department of Study
- Computer Science
- Discipline
- Computer Science
- Degree Granting Institution
- University of Illinois at Urbana-Champaign
- Degree Name
- Ph.D.
- Degree Level
- Dissertation
- Keyword(s)
- computer security
- trustworthy computing
- Abstract
- Malware often injects and executes new code to infect hypervisors, OSs and applications on a wide range of systems, from embedded systems to servers in data centers. In this dissertation, we design and evaluate approaches for remotely attesting software integrity and blocking infections on a variety of systems using integrity kernels. Existing hardware architectures provide inadequate support for integrity kernels. Despite this, we equip commodity embedded systems with compact integrity kernels. We also describe the limitations of existing non-embedded processors. Then, we develop an extended processor architecture that provides superior isolation, visibility, performance, and compatibility for integrity kernels. We were the first to demonstrate practical remote attestation for Advanced Metering Infrastructure (AMI), a core technology in emerging smart power grid systems that requires integrity guarantees for each meter over an interval of time rather than just at a given instant. Our prototype Cumulative Attestation Kernel (CAK) uses less than one quarter of the memory available on 32-bit Atmel AVR32 flash MCUs similar to those used in AMI deployments. We analyze one of the specialized features of such applications by constructing the first formal proof that security requirements are met by a system even when it experiences unexpected, repeated halt conditions, specifically concerning our prototype. We also developed the only remote attestation mechanism for 8-bit Atmel AVR microcontrollers that communicate over networks like those in AMI and that run untrusted application firmware that can be remotely upgraded. We created the Integrity-Aware Processor (IAP), which is the only processor architecture with direct support for detecting attempts to execute unverified code. Using the IAP as a base, we developed the smallest integrity kernel that checks all code that ever executes in a target Linux system. It uses a network-hosted whitelist.
- Graduation Semester
- 2011-08
- Permalink
- http://hdl.handle.net/2142/26037
- Copyright and License Information
- Copyright 2011 Michael LeMay
Owning Collections
Graduate Dissertations and Theses at Illinois PRIMARY
Graduate Theses and Dissertations at Illinois
Dissertations and Theses - Computer Science
Dissertations and Theses from the Dept. of Computer Science