Title :
StaticTrust: A Practical Framework for Trusted Networked Devices
Author :
Harris, Jack ; Hill, Raquel L.
Author_Institution :
Sch. of Inf. & Comput., Indiana Univ., Bloomington, IN, USA
Abstract :
Given the proliferation of malware and malicious activities, the integrity of communication systems is an ever-growing concern. In this work, we propose StaticTrust, an integrity measurement framework which enables a system to evaluate the integrity and state of a remote client prior to providing trusted communication services. StaticTrust is designed for a specific class of network devices that have software images that change infrequently and require tight configuration control (e.g., routers, switches, trusted gateways, or high-low guards). StaticTrust exploits the relatively static nature of these communication systems and uses a Trusted Platform Module (TPM) to measure the state and provide identity verification for the device. This framework, coupled with the attestation and dynamic firewall exception services we authored, enables remote parties to confirm the integrity of clients, thereby limiting the effects and the proliferation of malware in a compromised system. We implement a prototype of the StaticTrust framework and measure the performance of our system to show that our design choices for constructing the software image result in efficient measurement and verification of system integrity.
Keywords :
authorisation; computer crime; computer network security; invasive software; StaticTrust; Trusted Platform Module; communication systems integrity; dynamic firewall exception services; malicious activities; malware; software images; system integrity; trusted communication services; trusted networked devices; Hardware; Peer to peer computing; Security; Size measurement; Software; Software measurement; Time measurement;
Conference_Title :
System Sciences (HICSS), 2011 44th Hawaii International Conference on
Conference_Location :
Kauai, HI
Print_ISBN :
978-1-4244-9618-1
DOI :
10.1109/HICSS.2011.384