Integrity-Aware Computing

Malware often injects and executes new code to infect hypervisors, operating systems and applications on a wide range of systems, from embedded devices to servers in data centers. The goal of the Integrity-Aware Computing project is to design and evaluate approaches for remotely attesting software integrity and blocking such infections on a variety of systems using integrity kernels: small trusted components that check code before it is allowed to run. Existing hardware architectures provide inadequate support for integrity kernels. Despite this, we equipped commodity embedded systems with compact integrity kernels. We also identified the limitations of existing non-embedded processors and developed an extended processor architecture that provides superior isolation, visibility, performance, and compatibility for integrity kernels.

We demonstrated practical remote attestation for Advanced Metering Infrastructure (AMI), a core technology in emerging smart power grid systems. AMI requires integrity guarantees for each meter over an interval of time rather than just at a given instant, since a meter that runs approved firmware at the moment of an attestation may have run unapproved firmware between attestations. Our prototype Cumulative Attestation Kernel (CAK) uses less than one quarter of the memory available on 32-bit Atmel AVR32 flash MCUs similar to those used in AMI deployments. We also addressed a feature specific to such deployments, unexpected and repeated halts, by constructing the first formal proof that a system, specifically our prototype, meets its security requirements even when it experiences such halts. In addition, we developed the only remote attestation mechanism for 8-bit Atmel AVR microcontrollers that communicate over networks like those in AMI and that run untrusted application firmware that can be remotely upgraded.
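The following is an added illustrative model of cumulative attestation, written for this page; it is not the CAK source code or the exact protocol of the ESORICS paper. It assumes an append-only, hash-chained log of every application firmware image the kernel has ever installed, a hypothetical per-meter symmetric key shared with the verifier, and a challenge-response MAC bound to a fresh nonce. The point it makes is the one above: a check of the currently running image alone passes, while the cumulative log exposes an unapproved image that ran during the interval.

```python
"""Cumulative attestation model (added example, not the project's code).

Assumptions (hypothetical, for illustration): the integrity kernel records the
SHA-256 digest of each firmware image before it runs, chains the digests, and
answers a verifier challenge with the whole log plus an HMAC over
(nonce || chain head || log length) under a per-meter key.
"""
import hashlib
import hmac
import os

GENESIS = b"\x00" * 32  # constructed initial chain value


def _chain(head: bytes, digest: bytes) -> bytes:
    return hashlib.sha256(head + digest).digest()


def recompute_head(log):
    """Recompute the chain head from a log of image digests."""
    head = GENESIS
    for digest in log:
        head = _chain(head, digest)
    return head


def _mac(key: bytes, nonce: bytes, head: bytes, length: int) -> bytes:
    msg = nonce + head + length.to_bytes(4, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()


class CumulativeAttestationKernel:
    """Meter side: keeps the log; the application firmware cannot edit it."""

    def __init__(self, key: bytes):
        self._key = key
        self.log = []        # image digests in install order
        self.head = GENESIS  # chain head covering the whole log

    def install_firmware(self, image: bytes) -> None:
        # Record the image before handing control to it; on real hardware the
        # log entry must be committed to flash first so a halt cannot lose it.
        digest = hashlib.sha256(image).digest()
        self.log.append(digest)
        self.head = _chain(self.head, digest)

    def attest(self, nonce: bytes) -> dict:
        return {"log": list(self.log), "head": self.head,
                "mac": _mac(self._key, nonce, self.head, len(self.log))}


def verify_attestation(key, nonce, report, approved_images):
    """Verifier side: freshness, chain consistency, then every image ever run."""
    expected = _mac(key, nonce, report["head"], len(report["log"]))
    if not hmac.compare_digest(expected, report["mac"]):
        return False, "bad MAC or stale nonce"
    if recompute_head(report["log"]) != report["head"]:
        return False, "log does not match chain head"
    approved = {hashlib.sha256(img).digest() for img in approved_images}
    for i, digest in enumerate(report["log"]):
        if digest not in approved:
            return False, f"unapproved image installed at position {i}"
    return True, "ok"


def demo(key: bytes = b"meter-0001-key"):  # hypothetical per-meter key
    """Constructed scenario: approved v1, a rogue image, then approved v2."""
    v1, v2, rogue = b"app-firmware-v1", b"app-firmware-v2", b"app-firmware-rogue"
    approved = [v1, v2]
    cak = CumulativeAttestationKernel(key)
    for image in (v1, rogue, v2):
        cak.install_firmware(image)
    nonce = os.urandom(16)
    report = cak.attest(nonce)
    # An instantaneous check of the current image alone is satisfied...
    current_only_ok = report["log"][-1] in {hashlib.sha256(i).digest() for i in approved}
    # ...but the cumulative log reveals the rogue interval.
    cumulative = verify_attestation(key, nonce, report, approved)
    # Replaying the report against a different challenge fails freshness.
    replay = verify_attestation(key, os.urandom(16), report, approved)
    return current_only_ok, cumulative, replay


if __name__ == "__main__":
    print(demo())
```

The log grows by one digest per firmware install, which is why the interval guarantee is affordable on a flash MCU: the kernel stores digests, not images, and the verifier supplies the approved-image set.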

We created the Integrity-Aware Processor (IAP), which is the only processor architecture with direct support for detecting attempts to execute unverified code. Using the IAP as a base, we developed the smallest integrity kernel that checks all code that ever executes in a target Linux system, verifying it against a network-hosted whitelist.
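The following is an added model of the executing-implies-verified rule, written for this page; it is not the IAP microarchitecture or the project's Linux integrity kernel. It assumes (hypothetically) that memory is tracked in fixed-size pages each carrying a verified flag, that any write to a page clears the flag, that an execute attempt on an unflagged page traps to an integrity kernel, and that the kernel hashes the page and consults a whitelist, represented here by an in-memory set standing in for the network-hosted list.

```python
"""Executing-implies-verified model (added example, not the project's code).

Hypothetical assumptions: 64-byte pages, a per-page verified flag cleared by
any write, a trap to the integrity kernel on execution of an unverified page,
and a whitelist of SHA-256 page digests standing in for the network-hosted list.
"""
import hashlib

PAGE = 64  # constructed page size for the model


class ExecDenied(Exception):
    """Raised when the integrity kernel refuses to let a page execute."""


def page_digests(image: bytes):
    """Whitelist entries for an approved image: one digest per zero-padded page."""
    return {
        hashlib.sha256(image[i:i + PAGE].ljust(PAGE, b"\x00")).digest()
        for i in range(0, len(image), PAGE)
    }


class IntegrityAwareMemory:
    def __init__(self, n_pages: int, whitelist):
        self.pages = [bytearray(PAGE) for _ in range(n_pages)]
        self.verified = [False] * n_pages
        self.whitelist = whitelist
        self.audit = []  # (event, page) records, newest last

    def write(self, addr: int, data: bytes) -> None:
        # Any write, including one by injected malware, invalidates the page.
        for off, b in enumerate(data):
            p, o = divmod(addr + off, PAGE)
            self.pages[p][o] = b
            if self.verified[p]:
                self.audit.append(("invalidate", p))
            self.verified[p] = False

    def _integrity_kernel(self, p: int) -> None:
        # The trap handler: hash the page and consult the whitelist.
        digest = hashlib.sha256(bytes(self.pages[p])).digest()
        if digest in self.whitelist:
            self.verified[p] = True
            self.audit.append(("verified", p))
        else:
            self.audit.append(("denied", p))
            raise ExecDenied(f"page {p} is not on the whitelist")

    def execute(self, addr: int) -> bytes:
        p = addr // PAGE
        if not self.verified[p]:
            self._integrity_kernel(p)  # hardware would raise this trap
        return bytes(self.pages[p])    # the code that is allowed to run


def demo():
    """Constructed scenario: approved two-page image, then one injected byte."""
    good = b"\x90" * 100 + b"\xc3"  # stand-in for a code image, not real code
    mem = IntegrityAwareMemory(4, page_digests(good))
    mem.write(0, good)
    mem.execute(0)
    mem.execute(PAGE)               # both pages verified on first execution
    events_after_verify = len(mem.audit)
    mem.execute(0)                  # still verified: no re-check
    no_recheck = len(mem.audit) == events_after_verify
    mem.write(10, b"\xcc")          # injected byte clears page 0's flag
    try:
        mem.execute(0)
        denied = False
    except ExecDenied:
        denied = True
    return no_recheck, denied, mem.audit


if __name__ == "__main__":
    print(demo())
```

The cost model follows from the flags: a page is hashed once per verify, not once per execution, and only writes force a re-check, which is what lets the kernel cover all code that ever executes without hashing on every instruction fetch.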

We are currently investigating other ways in which we can improve processor hardware and associated infrastructure to enforce integrity-awareness in the context of medical devices and other important application areas.


Compact Integrity-Aware Architectures
Michael LeMay
Doctoral Thesis, University of Illinois at Urbana-Champaign, August 2011.

Enforcing Executing-Implies-Verified with the Integrity-Aware Processor
Michael LeMay and Carl A. Gunter
International Conference on Trust and Trustworthy Computing (TRUST '11), Pittsburgh, PA, June 2011.

Cumulative Attestation Kernels for Embedded Systems
Michael LeMay and Carl A. Gunter
European Symposium on Research in Computer Security (ESORICS '09), Saint Malo, France, September 2009.

Last updated on Thursday, June 26, 2014, 12:59 pm