A practical approach for updating an integrity-enforced operating system
Trusted computing defines how to securely measure, store, and verify the integrity of software controlling a computer. One of the major challenges that make them hard to be applied in practice is the issue with software updates. Specifically, an operating system update causes the integrity violation...
Gespeichert in:
| Veröffentlicht in: | arXiv.org 2021-01 |
|---|---|
| Hauptverfasser: | , , |
| Format: | Artikel |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | |
|---|---|
| container_issue | |
| container_start_page | |
| container_title | arXiv.org |
| container_volume | |
| creator | Ozga, Wojciech Do Le Quoc Fetzer, Christof |
| description | Trusted computing defines how to securely measure, store, and verify the integrity of software controlling a computer. One of the major challenges that make them hard to be applied in practice is the issue with software updates. Specifically, an operating system update causes the integrity violation because it changes the well-known initial state trusted by remote verifiers, such as integrity monitoring systems. Consequently, the integrity monitoring of remote computers becomes unreliable due to the high amount of false positives. We address this problem by adding an extra level of indirection between the operating system and software repositories. We propose a trusted software repository (TSR), a secure proxy that overcomes the shortcomings of previous approaches by sanitizing software packages. Sanitization consists of modifying unsafe installation scripts and adding digital signatures in a way software packages can be installed in the operating system without violating its integrity. TSR leverages shielded execution, i.e., Intel SGX, to achieve confidentiality and integrity guarantees of the sanitization process. TSR is transparent to package managers, and requires no changes in the software packages building and distributing processes. Our evaluation shows that running TSR inside SGX is practical; since it induces only ~1.18X performance overhead during package sanitization compared to the native execution without SGX. TSR supports 99.76% of packages available in the main and community repositories of Alpine Linux while increasing the total repository size by 3.6%. |
| doi_str_mv | 10.48550/arxiv.2101.01289 |
| format | Article |
| fullrecord | <record><control><sourceid>proquest_arxiv</sourceid><recordid>TN_cdi_arxiv_primary_2101_01289</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2475610663</sourcerecordid><originalsourceid>FETCH-LOGICAL-a523-8e9534b64454d1604120ba667b8f0846c4467b12661d2abeed98e60b566db15d3</originalsourceid><addsrcrecordid>eNotj89LwzAcxYMgOOb-AE8GPLfm57fpcQx1wsDL7iVp0pmxtTFJxf731s3Te_Aej_dB6IGSUigpybOOP_67ZJTQklCm6hu0YJzTQgnG7tAqpSMhhEHFpOQLtF3jEHWbfatPWIcQB91-4m6IeAxWZ98fsO6x77M7RJ-nwvVz1jqLh-DiNU9Tyu58j247fUpu9a9LtH992W-2xe7j7X2z3hVaMl4oV0suDAghhaVABGXEaIDKqI4oAa0Qs6cMgFqmjXO2Vg6IkQDWUGn5Ej1eZy-YTYj-rOPU_OE2F9y58XRtzCxfo0u5OQ5j7OdPDROVBEoAOP8FBqxXUg</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2475610663</pqid></control><display><type>article</type><title>A practical approach for updating an integrity-enforced operating system</title><source>Freely Accessible Journals</source><source>arXiv.org</source><creator>Ozga, Wojciech ; Do Le Quoc ; Fetzer, Christof</creator><creatorcontrib>Ozga, Wojciech ; Do Le Quoc ; Fetzer, Christof</creatorcontrib><description>Trusted computing defines how to securely measure, store, and verify the integrity of software controlling a computer. One of the major challenges that make them hard to be applied in practice is the issue with software updates. Specifically, an operating system update causes the integrity violation because it changes the well-known initial state trusted by remote verifiers, such as integrity monitoring systems. Consequently, the integrity monitoring of remote computers becomes unreliable due to the high amount of false positives. We address this problem by adding an extra level of indirection between the operating system and software repositories. We propose a trusted software repository (TSR), a secure proxy that overcomes the shortcomings of previous approaches by sanitizing software packages. Sanitization consists of modifying unsafe installation scripts and adding digital signatures in a way software packages can be installed in the operating system without violating its integrity. TSR leverages shielded execution, i.e., Intel SGX, to achieve confidentiality and integrity guarantees of the sanitization process. TSR is transparent to package managers, and requires no changes in the software packages building and distributing processes. Our evaluation shows that running TSR inside SGX is practical; since it induces only ~1.18X performance overhead during package sanitization compared to the native execution without SGX. TSR supports 99.76% of packages available in the main and community repositories of Alpine Linux while increasing the total repository size by 3.6%.</description><identifier>EISSN: 2331-8422</identifier><identifier>DOI: 10.48550/arxiv.2101.01289</identifier><language>eng</language><publisher>Ithaca: Cornell University Library, arXiv.org</publisher><subject>Computer program integrity ; Computer Science - Cryptography and Security ; Digital signatures ; Operating systems ; Remote monitoring ; Repositories ; Software packages</subject><ispartof>arXiv.org, 2021-01</ispartof><rights>2021. This work is published under http://creativecommons.org/licenses/by/4.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.</rights><rights>http://creativecommons.org/licenses/by/4.0</rights><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>228,230,776,780,881,27904</link.rule.ids><backlink>$$Uhttps://doi.org/10.48550/arXiv.2101.01289$$DView paper in arXiv$$Hfree_for_read</backlink><backlink>$$Uhttps://doi.org/10.1145/3423211.3425674$$DView published paper (Access to full text may be restricted)$$Hfree_for_read</backlink></links><search><creatorcontrib>Ozga, Wojciech</creatorcontrib><creatorcontrib>Do Le Quoc</creatorcontrib><creatorcontrib>Fetzer, Christof</creatorcontrib><title>A practical approach for updating an integrity-enforced operating system</title><title>arXiv.org</title><description>Trusted computing defines how to securely measure, store, and verify the integrity of software controlling a computer. One of the major challenges that make them hard to be applied in practice is the issue with software updates. Specifically, an operating system update causes the integrity violation because it changes the well-known initial state trusted by remote verifiers, such as integrity monitoring systems. Consequently, the integrity monitoring of remote computers becomes unreliable due to the high amount of false positives. We address this problem by adding an extra level of indirection between the operating system and software repositories. We propose a trusted software repository (TSR), a secure proxy that overcomes the shortcomings of previous approaches by sanitizing software packages. Sanitization consists of modifying unsafe installation scripts and adding digital signatures in a way software packages can be installed in the operating system without violating its integrity. TSR leverages shielded execution, i.e., Intel SGX, to achieve confidentiality and integrity guarantees of the sanitization process. TSR is transparent to package managers, and requires no changes in the software packages building and distributing processes. Our evaluation shows that running TSR inside SGX is practical; since it induces only ~1.18X performance overhead during package sanitization compared to the native execution without SGX. TSR supports 99.76% of packages available in the main and community repositories of Alpine Linux while increasing the total repository size by 3.6%.</description><subject>Computer program integrity</subject><subject>Computer Science - Cryptography and Security</subject><subject>Digital signatures</subject><subject>Operating systems</subject><subject>Remote monitoring</subject><subject>Repositories</subject><subject>Software packages</subject><issn>2331-8422</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2021</creationdate><recordtype>article</recordtype><sourceid>ABUWG</sourceid><sourceid>AFKRA</sourceid><sourceid>AZQEC</sourceid><sourceid>BENPR</sourceid><sourceid>CCPQU</sourceid><sourceid>DWQXO</sourceid><sourceid>GOX</sourceid><recordid>eNotj89LwzAcxYMgOOb-AE8GPLfm57fpcQx1wsDL7iVp0pmxtTFJxf731s3Te_Aej_dB6IGSUigpybOOP_67ZJTQklCm6hu0YJzTQgnG7tAqpSMhhEHFpOQLtF3jEHWbfatPWIcQB91-4m6IeAxWZ98fsO6x77M7RJ-nwvVz1jqLh-DiNU9Tyu58j247fUpu9a9LtH992W-2xe7j7X2z3hVaMl4oV0suDAghhaVABGXEaIDKqI4oAa0Qs6cMgFqmjXO2Vg6IkQDWUGn5Ej1eZy-YTYj-rOPU_OE2F9y58XRtzCxfo0u5OQ5j7OdPDROVBEoAOP8FBqxXUg</recordid><startdate>20210105</startdate><enddate>20210105</enddate><creator>Ozga, Wojciech</creator><creator>Do Le Quoc</creator><creator>Fetzer, Christof</creator><general>Cornell University Library, arXiv.org</general><scope>8FE</scope><scope>8FG</scope><scope>ABJCF</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BGLVJ</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>HCIFZ</scope><scope>L6V</scope><scope>M7S</scope><scope>PIMPY</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>PRINS</scope><scope>PTHSS</scope><scope>AKY</scope><scope>GOX</scope></search><sort><creationdate>20210105</creationdate><title>A practical approach for updating an integrity-enforced operating system</title><author>Ozga, Wojciech ; Do Le Quoc ; Fetzer, Christof</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-a523-8e9534b64454d1604120ba667b8f0846c4467b12661d2abeed98e60b566db15d3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2021</creationdate><topic>Computer program integrity</topic><topic>Computer Science - Cryptography and Security</topic><topic>Digital signatures</topic><topic>Operating systems</topic><topic>Remote monitoring</topic><topic>Repositories</topic><topic>Software packages</topic><toplevel>online_resources</toplevel><creatorcontrib>Ozga, Wojciech</creatorcontrib><creatorcontrib>Do Le Quoc</creatorcontrib><creatorcontrib>Fetzer, Christof</creatorcontrib><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>Materials Science & Engineering Collection</collection><collection>ProQuest Central (Alumni Edition)</collection><collection>ProQuest Central UK/Ireland</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Technology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central Korea</collection><collection>SciTech Premium Collection</collection><collection>ProQuest Engineering Collection</collection><collection>Engineering Database</collection><collection>Publicly Available Content Database</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central China</collection><collection>Engineering Collection</collection><collection>arXiv Computer Science</collection><collection>arXiv.org</collection><jtitle>arXiv.org</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Ozga, Wojciech</au><au>Do Le Quoc</au><au>Fetzer, Christof</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>A practical approach for updating an integrity-enforced operating system</atitle><jtitle>arXiv.org</jtitle><date>2021-01-05</date><risdate>2021</risdate><eissn>2331-8422</eissn><abstract>Trusted computing defines how to securely measure, store, and verify the integrity of software controlling a computer. One of the major challenges that make them hard to be applied in practice is the issue with software updates. Specifically, an operating system update causes the integrity violation because it changes the well-known initial state trusted by remote verifiers, such as integrity monitoring systems. Consequently, the integrity monitoring of remote computers becomes unreliable due to the high amount of false positives. We address this problem by adding an extra level of indirection between the operating system and software repositories. We propose a trusted software repository (TSR), a secure proxy that overcomes the shortcomings of previous approaches by sanitizing software packages. Sanitization consists of modifying unsafe installation scripts and adding digital signatures in a way software packages can be installed in the operating system without violating its integrity. TSR leverages shielded execution, i.e., Intel SGX, to achieve confidentiality and integrity guarantees of the sanitization process. TSR is transparent to package managers, and requires no changes in the software packages building and distributing processes. Our evaluation shows that running TSR inside SGX is practical; since it induces only ~1.18X performance overhead during package sanitization compared to the native execution without SGX. TSR supports 99.76% of packages available in the main and community repositories of Alpine Linux while increasing the total repository size by 3.6%.</abstract><cop>Ithaca</cop><pub>Cornell University Library, arXiv.org</pub><doi>10.48550/arxiv.2101.01289</doi><oa>free_for_read</oa></addata></record> |
| fulltext | fulltext |
| identifier | EISSN: 2331-8422 |
| ispartof | arXiv.org, 2021-01 |
| issn | 2331-8422 |
| language | eng |
| recordid | cdi_arxiv_primary_2101_01289 |
| source | Freely Accessible Journals; arXiv.org |
| subjects | Computer program integrity Computer Science - Cryptography and Security Digital signatures Operating systems Remote monitoring Repositories Software packages |
| title | A practical approach for updating an integrity-enforced operating system |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-23T10%3A19%3A31IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_arxiv&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=A%20practical%20approach%20for%20updating%20an%20integrity-enforced%20operating%20system&rft.jtitle=arXiv.org&rft.au=Ozga,%20Wojciech&rft.date=2021-01-05&rft.eissn=2331-8422&rft_id=info:doi/10.48550/arxiv.2101.01289&rft_dat=%3Cproquest_arxiv%3E2475610663%3C/proquest_arxiv%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2475610663&rft_id=info:pmid/&rfr_iscdi=true |