Home
Publications
I. Optical
II. Authentication
III. Switching
IV. Embedding
V. Ring
VI. Hypergraph
Miscellaneous
Patents
Education & Positions
Graduate Courses
Closing lines ...

Remote authentication of software in run-time

Remote authentication answers to the following research question:
How can the execution of an application be continuously entrusted by a remote entity, albeit the software component is running inside an untrusted environment? (Remote entrusting problem).

Our methodology presents two key innovative principles:
  • Core of trust location: Core of trust is placed in a remote entrusting entity across the network.
  • Entrusting method: Software-based trust that is continuous and proactive during run-time. The proposed approach can be used for:
    (i) proactive digital right management,
    (ii) protection on networks and servers from malicious users, and
    (iii) distributed trusted (GRID) computing.
  • Riccardo Scandariato, Yoram Ofek, Paolo Falcarin and Mario Baldi, "Application-oriented trust in distributed computing". ARES 2008 - International Conference on Availability, Reliability and Security, Barcelona (Spain), March 2008.
    Mariano Ceccato, Yoram Ofek and Paolo Tonella, "Remote entrusting by run- time software authentication", SOFSEM 2008 - Conference on Current Trends in Theory and Practice of Computer Science,Tatras, Slovakia, January, 2008. Proceedings of the 34th Conference on Current Trends in Theory and Practice of Computer Science (SOFSEM 2008), vol. 4910 of Lecture Notes in Computer Science, pages 83-97, Springer, 2008.
    M. Baldi, Y. Ofek, M. Yung, "Idiosyncratic Signatures for Authenticated Execution of Management Code," 14th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management (DSOM 2003), Heidelberg, Germany, Oct. 2003, Self-Managing Distributed Systems, M. Brunner and A. Keller (Eds.), Springer-Verlag Lecture Notes on Computer Science (LNCS) 2867, ISBN 3-540-20314-1, 2003, pp. 204-206. (Abstract) (Full paper)
    M. Baldi, Y. Ofek, M. Yung, "Idiosyncratic Signatures for Authenticated Execution - The TrustedFlow Protocol and its Application to TCP," IASTED International Conference on Communication Systems and Networks (CSN 2003), Benalmadena, Spain, Sep. 2003, pp. 375-280. (Abstract) (Full paper)
    M. Baldi, Y. Ofek, M. Yung, "The TrustedFlow� Protocol - Idiosyncratic Signatures for Authenticated Execution," 4th Annual IEEE Information Assurance Workshop, West Point, NY, USA, June 2003, pp. 288-289. (Abstract) (Full paper)
    P. Falcarin, R. Scandariato, M. Baldi, Y. Ofek, "Integrity Checking in Remote Computation," AICA 2005, Udine (Italy), Oct. 2005. (Abstract) (Full paper)




    TOP HOME

    M. Baldi, Y. Ofek, M. Yung, "Idiosyncratic Signatures for Authenticated Execution of Management Code," 14th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management (DSOM 2003), Heidelberg, Germany, Oct. 2003, Self-Managing Distributed Systems, M. Brunner and A. Keller (Eds.), Springer-Verlag Lecture Notes on Computer Science (LNCS) 2867, ISBN 3-540-20314-1, 2003, pp. 204-206.

    ABSTRACT

    TrustedFlow� is a software solution to the probelm of remotly authenticating code during execution. A continuous flow of idiosyncratic signatures assures that the software from which they have emanated is not changed prior to and during execution. TrustedFlow� can be used to create a run-time trust relationship between the components management system.




    TOP HOME

    M. Baldi, Y. Ofek, M. Yung, "Idiosyncratic Signatures for Authenticated Execution - The TrustedFlow Protocol and its Application to TCP," IASTED International Conference on Communication Systems and Networks (CSN 2003), Benalmadena, Spain, Sep. 2003, pp. 375-280.

    ABSTRACT

    Assuring that a given code is faithfully executed with defined parameters and constraints is an open problem, which is especially important in the context of computing over communications networks. This work presents TrustedFlow�, a software solution to the problem of remotely authenticating code during execution, which aims at assuring that the software is not changed prior to and during execution. A flow of idiosyncratic signatures is continuously generated and associated to transmitted data by a secret function that is hidden (e.g., obfuscated) in the software and whose execution is subordinated to the proper execution of the software being authenticated. The flow of signatures is validated by a remote component.




    TOP HOME

    M. Baldi, Y. Ofek, M. Yung, "The TrustedFlow� Protocol - Idiosyncratic Signatures for Authenticated Execution," 4th Annual IEEE Information Assurance Workshop, West Point, NY, USA, June 2003, pp. 288-289.

    ABSTRACT

    This work presents a software solution to the problem of remotely authenticating software during execution, which aims�at assuring that the software is not changed prior to and during execution. The solution is based on a flow of idiosyncratic signatures that is generated by a function hidden in the software to be authenticated and validated by a remote computing component. The TrustedFlow� approach is complementary to many current enhancements for secure computing and networking: while other approaches provide privacy and authentication protecting from the attacks of a man in the middle, TrustedFIow� protects from the attack of a man at the edge.




    TOP HOME

    P. Falcarin, R. Scandariato, M. Baldi, Y. Ofek, "Integrity Checking in Remote Computation," AICA 2005, Udine (Italy), Oct. 2005.

    ABSTRACT

    How can a client-side application be entrusted albeit running inside an un-trusted environment? Within an un-trusted environment a possibly malicius user has complete access to system resources and tools in order to tamper with the application code. Under those assumption that the client code has not been altered prior to and during execution, i.e., the server is required to continuously entrust the client. To address this problem, we propose a novel approach based on the clien-side generation of an execution signature, which is remotely checked by the server, wherein affirmative checking ensure the authenticity of the client-side software. The method proposed is applicable to remote computation, in general, and has the potential to solve some of the central trust problems in GRID computing.

    TOP HOME


    Pages hosted by "Computer Networks and Mobility Group" - DIT - Università di Trento - Italy.
    © Yoram Ofek Homepage, All Rights Reserved.
    Last updated: 2009-07-02 07:02:30