DocumentCode :
2454078
Title :
Operating system mechanisms for TPM-based lifetime measurement of process integrity
Author :
Li, Xiao ; Shi, Wenchang ; Liang, Zhaohui ; Liang, Bin ; Shan, Zhiyong
Author_Institution :
Key Lab. of Data Eng. & Knowledge Eng., Renmin Univ., Beijing, China
fYear :
2009
fDate :
12-15 Oct. 2009
Firstpage :
783
Lastpage :
789
Abstract :
Implementing runtime integrity measurement in an acceptable way is a big challenge. We tackle this challenge by developing a framework called Patos. This paper discusses the design and implementation concepts of our operating system mechanisms for runtime process integrity measurement, which is an important part of the Patos framework and is named Patos-RIP. Patos-RIP is developed into the main-stream Linux operating system and utilizes TPM as hardware support for tamper-resistance. From the beginning a process is created to the moment the process dies, Patos-RIP conducts integrity measurement at appropriate points of time when the process runs, so as to ensure that the integrity of a process is not compromised during its whole lifetime. This way, Patos-RIP can improve trustworthiness of processes by effectively detecting runtime tampering attacks on processes' integrity.
Keywords :
Linux; security of data; software architecture; software prototyping; Patos framework; Patos-RIP; lifetime measurement; main-stream Linux operating system; operating system mechanism; runtime process integrity measurement; tamper-resistance; trusted platform module; Computer architecture; Hardware; Image storage; Knowledge engineering; Laboratories; Lifetime estimation; Linux; Operating systems; Runtime; Time measurement;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Mobile Adhoc and Sensor Systems, 2009. MASS '09. IEEE 6th International Conference on
Conference_Location :
Macau
Print_ISBN :
978-1-4244-5113-5
Type :
conf
DOI :
10.1109/MOBHOC.2009.5336919
Filename :
5336919