
Lightweight attestation and secure code update for multiple separated microkernel tasks

Wagner, S.; Krauß, C.; Eckert, C.


Desmedt, Y.:
Information security. 16th international conference, ISC 2013. Proceedings : Dallas, Texas, November 13-15, 2013
Cham: Springer International Publishing, 2015 (Lecture Notes in Computer Science 7807)
ISBN: 978-3-319-27659-5 (Online)
ISBN: 978-3-319-27658-8 (Print)
Information Security Conference (ISC) <16, 2013, Dallas/Tex.>
Fraunhofer AISEC

By implementing all non-essential operating system services as user space tasks and strictly separating those tasks, a microkernel can effectively increase system security. However, the isolation of tasks does not necessarily imply their trustworthiness. In this paper, we propose a microkernel-based system architecture enhanced with a multi-context hardware security module (HSM) that enables integrity verification, anomaly detection, and efficient lightweight attestation of multiple separated tasks. Our attestation protocol, which we formally verified using the automated reasoning tool ProVerif, implicitly proves the integrity of multiple tasks, efficiently communicates the result to a remote verifier, and enables a secure update protocol without the need for digital signatures, which require computationally expensive operations.