
Access Control for Binary Integrity Protection using Ethereum

Stengele, O.; Baumeister, A.; Birnstill, Pascal; Hartenstein, Hannes


Kerschbaum, F. ; Association for Computing Machinery -ACM-:
SACMAT '19, the 24th ACM Symposium on Access Control Models and Technologies : Toronto, ON, Canada, June 03 - 06, 2019
New York: ACM, 2019
ISBN: 978-1-4503-6753-0
Symposium on Access Control Models and Technologies (SACMAT) <24, 2019, Toronto>
Conference Paper
Fraunhofer IOSB
Blockchain; binary integrity protection; revocation

The integrity of executable binaries is essential to the security of any device that runs them. At best, a manipulated binary can leave the system in question open to attack, and at worst, it can compromise the entire system by itself. In recent years, supply-chain attacks have demonstrated that binaries can even be compromised unbeknownst to their creators. This, in turn, leads to the dissemination of supposedly valid binaries that need to be revoked later.

In this paper, we present and evaluate a concept for publishing and revoking integrity protecting information for binaries, based on the Ethereum Blockchain and its underlying peer-to-peer network. Smart Contracts are used to enforce access control over the publication and revocation of integrity preserving information, whereas the peer-to-peer network serves as a fast, global communication service to keep user clients informed. The Ethereum Blockchain serves as a tamper-evident, publicly-verifiable log of published and revoked binaries. Our implementation incurs costs comparable to registration fees for centralised software distribution platforms but allows publication and revocation of individual binaries within minutes. The proposed concept can be integrated incrementally into existing software distribution platforms, such as package repositories or various app stores.