Title :
DARE: A Framework for Dynamic Authentication of Remote Executions
Author :
Aktas, Erdem ; Ghose, Kanad
Author_Institution :
Dept. of Comput. Sci., State Univ. of New York, Binghamton, NY
Abstract :
With the widespread use of the distributed systems comes the need to secure such systems against a wide variety of threats. Recent security mechanisms are grossly inadequate in authenticating the program executions at the clients or servers, as the clients, servers and the executing programs themselves can be compromised after the clients and servers pass the authentication phase. This paper presents a generic framework for authenticating remote executions on a potentially untrusted remote server - essentially validating that what is executed at the server on behalf of the client is actually the intended program. Details of a prototype Linux implementation are also described, along with some optimization techniques for reducing the run-time overhead of the proposed scheme. The performance overhead of our technique varies generally from 7% to 24% for most benchmarks, as seen from the actual remote execution of SPEC benchmarks.
Keywords :
client-server systems; message authentication; program verification; Linux; client-server system; distributed system; dynamic remote program execution authentication; optimization technique; security mechanism; untrusted remote server; Application software; Authentication; Computer science; Computer security; Data security; Instruments; Protection; Prototypes; Runtime; Web server; Computer Security; Signature-based Authentication; Trusted Computing;
Conference_Titel :
Computer Security Applications Conference, 2008. ACSAC 2008. Annual
Conference_Location :
Anaheim, CA
Print_ISBN :
978-0-7695-3447-3
DOI :
10.1109/ACSAC.2008.49
