|
|
|
| | II. Authentication |
|
|
|
|
|
|
|
|
|
|
|
|
Remote authentication of software in run-time
Remote authentication answers to the following research question:
How can the execution of an application be continuously entrusted by a remote entity, albeit the software component is running inside an untrusted environment? (Remote entrusting problem).
Our methodology presents two key innovative principles:
Core of trust location: Core of trust is placed in a remote entrusting entity across the network.
Entrusting method: Software-based trust that is continuous and proactive during run-time.
The proposed approach can be used for:
(i) proactive digital right management,
(ii) protection on networks and servers from malicious users, and
(iii) distributed trusted (GRID) computing.
Riccardo Scandariato, Yoram Ofek, Paolo Falcarin and Mario Baldi, "Application-oriented trust in distributed computing". ARES 2008 - International Conference on Availability, Reliability and Security, Barcelona (Spain), March 2008.
|
Mariano Ceccato, Yoram Ofek and Paolo Tonella, "Remote entrusting by run- time software authentication", SOFSEM 2008 - Conference on Current Trends in Theory and Practice of Computer Science,Tatras, Slovakia, January, 2008. Proceedings of the 34th Conference on Current Trends in Theory and Practice of Computer Science (SOFSEM 2008), vol. 4910 of Lecture Notes in Computer Science, pages 83-97, Springer, 2008.
|
M. Baldi, Y. Ofek, M. Yung, "Idiosyncratic Signatures for Authenticated Execution of Management Code," 14th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management (DSOM 2003), Heidelberg, Germany, Oct. 2003, Self-Managing Distributed Systems, M. Brunner and A. Keller (Eds.), Springer-Verlag Lecture Notes on Computer Science (LNCS) 2867, ISBN 3-540-20314-1, 2003, pp. 204-206. (Abstract) (Full paper)
|
M. Baldi, Y. Ofek, M. Yung, "Idiosyncratic Signatures for Authenticated Execution - The TrustedFlow Protocol and its Application to TCP," IASTED International Conference on Communication Systems and Networks (CSN 2003), Benalmadena, Spain, Sep. 2003, pp. 375-280. (Abstract) (Full paper)
|
M. Baldi, Y. Ofek, M. Yung, "The TrustedFlow� Protocol - Idiosyncratic Signatures for Authenticated Execution," 4th Annual IEEE Information Assurance Workshop, West Point, NY, USA, June 2003, pp. 288-289. (Abstract) (Full paper)
|
P. Falcarin, R. Scandariato, M. Baldi, Y. Ofek, "Integrity Checking in Remote Computation," AICA 2005, Udine (Italy), Oct. 2005. (Abstract) (Full paper)
|
|
TOP
HOME
|
M. Baldi, Y. Ofek, M. Yung, "Idiosyncratic Signatures for Authenticated Execution of Management Code," 14th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management (DSOM 2003), Heidelberg, Germany, Oct. 2003, Self-Managing Distributed Systems, M. Brunner and A. Keller (Eds.), Springer-Verlag Lecture Notes on Computer Science (LNCS) 2867, ISBN 3-540-20314-1, 2003, pp. 204-206.
ABSTRACT
TrustedFlow� is a software solution to the probelm of remotly authenticating code during execution. A continuous flow of idiosyncratic signatures assures that the software from which they have emanated is not changed prior to and during execution. TrustedFlow� can be used to create a run-time trust relationship between the components management system.
|
|
TOP
HOME
|
M. Baldi, Y. Ofek, M. Yung, "Idiosyncratic Signatures for Authenticated Execution - The TrustedFlow Protocol and its Application to TCP," IASTED International Conference on Communication Systems and Networks (CSN 2003), Benalmadena, Spain, Sep. 2003, pp. 375-280.
ABSTRACT
Assuring that a given code is faithfully executed with defined parameters and constraints is an open problem, which is especially important in the context of computing over communications networks. This work presents TrustedFlow�, a software solution to the problem of remotely authenticating code during execution, which aims at assuring that the software is not changed prior to and during execution. A flow of idiosyncratic signatures is continuously generated and associated to transmitted data by a secret function that is hidden (e.g., obfuscated) in the software and whose execution is subordinated to the proper execution of the software being authenticated. The flow of signatures is validated by a remote component.
|
|
TOP
HOME
|
M. Baldi, Y. Ofek, M. Yung, "The TrustedFlow� Protocol - Idiosyncratic Signatures for Authenticated Execution," 4th Annual IEEE Information Assurance Workshop, West Point, NY, USA, June 2003, pp. 288-289.
ABSTRACT
This work presents a software solution to the problem of remotely authenticating software during
execution, which aims�at assuring that the software is not changed prior to and during execution. The solution is based on a flow of idiosyncratic signatures that is generated by a function hidden in the software to be authenticated and validated by a remote computing component. The TrustedFlow� approach is complementary to many current enhancements for secure computing and networking: while other approaches provide privacy and authentication protecting from the attacks of a man in the middle, TrustedFIow� protects from the attack of a man at the edge.
|
|
TOP
HOME
|
P. Falcarin, R. Scandariato, M. Baldi, Y. Ofek, "Integrity Checking in Remote Computation," AICA 2005, Udine (Italy), Oct. 2005.
ABSTRACT
How can a client-side application be entrusted albeit running inside an un-trusted environment? Within an un-trusted environment a possibly malicius user has complete access to system resources and tools in order to tamper with the application code. Under those assumption that the client code has not been altered prior to and during execution, i.e., the server is required to continuously entrust the client. To address this problem, we propose a novel approach based on the clien-side generation of an execution signature, which is remotely checked by the server, wherein affirmative checking ensure the authenticity of the client-side software. The method proposed is applicable to remote computation, in general, and has the potential to solve some of the central trust problems in GRID computing.
|
TOP
HOME
|
|
|