DARE: A Framework for Dynamic Authentication of Remote Executions

Author

Aktas, Erdem ; Ghose, Kanad

Author_Institution

Dept. of Comput. Sci., State Univ. of New York, Binghamton, NY

fYear

2008

fDate

8-12 Dec. 2008

Firstpage

453

Lastpage

462

Abstract

With the widespread use of the distributed systems comes the need to secure such systems against a wide variety of threats. Recent security mechanisms are grossly inadequate in authenticating the program executions at the clients or servers, as the clients, servers and the executing programs themselves can be compromised after the clients and servers pass the authentication phase. This paper presents a generic framework for authenticating remote executions on a potentially untrusted remote server - essentially validating that what is executed at the server on behalf of the client is actually the intended program. Details of a prototype Linux implementation are also described, along with some optimization techniques for reducing the run-time overhead of the proposed scheme. The performance overhead of our technique varies generally from 7% to 24% for most benchmarks, as seen from the actual remote execution of SPEC benchmarks.

Keywords

client-server systems; message authentication; program verification; Linux; client-server system; distributed system; dynamic remote program execution authentication; optimization technique; security mechanism; untrusted remote server; Application software; Authentication; Computer science; Computer security; Data security; Instruments; Protection; Prototypes; Runtime; Web server; Computer Security; Signature-based Authentication; Trusted Computing;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Security Applications Conference, 2008. ACSAC 2008. Annual

Conference_Location

Anaheim, CA

ISSN

1063-9527

Print_ISBN

978-0-7695-3447-3

Type

conf

DOI

10.1109/ACSAC.2008.49

Filename

4721580