On the TOCTOU Problem in Remote Attestation

May 08, 2020 ยท Declared Dead ยท ๐Ÿ› Conference on Computer and Communications Security

๐Ÿ‘ป CAUSE OF DEATH: Ghosted
No code link whatsoever

"No code URL or promise found in abstract"

Evidence collected by the PWNC Scanner

Authors Ivan De Oliveira Nunes, Sashidhar Jakkamsetti, Norrathep Rattanavipanon, Gene Tsudik arXiv ID 2005.03873 Category cs.CR: Cryptography & Security Citations 71 Venue Conference on Computer and Communications Security Last Checked 3 months ago
Abstract
We propose Remote Attestation with TOCTOU Avoidance (RATA): a provably secure approach to address the RA TOCTOU problem. With RATA, even malware that erases itself before execution of the next RA, can not hide its ephemeral presence. RATA targets hybrid RA architectures (implemented as Hardware/Software co-designs), which are aimed at low-end embedded devices. We present two alternative techniques - RATAa and RATAb - suitable for devices with and without real-time clocks, respectively. Each is shown to be secure and accompanied by a publicly available and formally verified implementation. Our evaluation demonstrates low hardware overhead of both techniques. Compared with current RA architectures - that offer no TOCTOU protection - RATA incurs no extra runtime overhead. In fact, RATA substantially reduces computational costs of RA execution.
Community shame:
Not yet rated
๐Ÿ“„ View on arXiv ๐ŸŒ View on ar5iv ๐Ÿ“‘ PDF ๐ŸŽ‰ Report Code Found
Community Contributions

Found the code? Know the venue? Think something is wrong? Let us know!

๐Ÿ“œ Similar Papers

In the same crypt โ€” Cryptography & Security

Died the same way โ€” ๐Ÿ‘ป Ghosted