With the rapidly evolving next-generation systems-of-systems, we face new security, resilience, and operational assurance challenges. In the face of the increasing attack landscape, it is necessary to cater to efficient mechanisms to verify software and device integrity to detect run-time modifications. Towards this direction, remote attestation is a promising defense mechanism that allows a third party, the verifier, to ensure a remote device's (the prover's) integrity. However, many of the existing families of attestation solutions have strong assumptions on the verifying entity's trustworthiness, thus not allowing for privacy preserving integrity correctness. Furthermore, they suffer from scalability and efficiency issues. This paper presents a lightweight dynamic configuration integrity verification that enables inter and intra-device attestation without disclosing any configuration information and can be applied on both resource-constrained edge devices and cloud services. Our goal is to enhance run-time software integrity and trustworthiness with a scalable solution eliminating the need for federated infrastructure trust.
翻译:随着下一代系统的迅速发展,我们面临着新的安全、复原力和操作保障挑战。面对不断增长的攻击场景,有必要建立高效率的机制来核查软件和装置的完整性,以探测运行时间的修改。朝这个方向看,远程证明是一种有希望的防御机制,使第三方,即核查人,能够确保远程设备(验证人)的完整性。然而,许多现有的验证解决方案对核查实体的可靠性有强烈的假设,从而不允许隐私保护完整性的正确性。此外,它们还存在可缩放和效率问题。本文展示了轻量的动态配置完整性核查,使得能够进行内部和内部的验证,而无需披露任何配置信息,并可用于资源限制的边缘装置和云服务。我们的目标是加强运行软件的完整性和可靠性,并采用可扩展的解决办法,消除对封闭基础设施信任的需求。