Remote attestation to dynamic system properties: Towards providing complete system integrity evidence

Abstract

Remote attestation of system integrity is an essential part of trusted computing. However, current remote attestation techniques only provide integrity proofs of static properties of the system. To address this problem we present a novel remote dynamic attestation system named ReDAS (Remote Dynamic Attestation System) that provides integrity evidence for dynamic system properties. Such dynamic system properties represent the runtime behavior of the attested system, and enable an attester to prove its runtime integrity to a remote party. ReDAS currently provides two types of dynamic system properties for running applications: structural integrity and global data integrity. In this work, we present the challenges of remote dynamic attestation, provide an in-depth security analysis and introduce a first step towards providing a complete runtime dynamic attestation framework. Our prototype implementation and evaluation with real-world applications show that we can improve on current static attestation techniques with an average performance overhead of 8%. ©2009 IEEE.