New Results for Timing-Based Attestation

By Xeno Kovah, Corey Kallenberg, Chris Weathers, Amy Herzog, Matthew Albin, John Butterworth

In this paper, we present a comprehensive timing-based attestation system suitable for typical enterprise use, along with evidence of that system's performance. This system, similar to Pioneer [19] but built with relaxed assumptions suitable for an enterprise setting, successfully detects attacks on code integrity over 6 hops of an enterprise network, even with an average of 1.7% time overhead for the attacker. We also present the first implementation and evaluation of a Trusted Platform Module (TPM) hardware timing-based attestation protocol. We describe the set-up and results of a set of experiments showing the effectiveness of our timing-based system; the data address previous work questioning the efficacy of timing-based attestation in practical settings. While it is our firm belief that system measurement itself is a worthwhile goal, and that timing-based attestation systems can provide measurements as trustworthy as those of hardware-based attestation systems, we feel that Time Of Check, Time Of Use (TOCTOU) attacks have not gotten appropriate attention in the literature. To address this topic, we present the three conditions required to execute such an attack, and how past attacks and defenses relate to these conditions.