We present the design and implementation of a secure integrity measurement system for Linux. All executable content that is loaded onto the Linux system is measured before execution and these measurements are protected by the Trusted Platform Module (TPM) that is part of the Trusted Computing Group (TCG) standards. Our system is the first to extend the TCG trust concepts to dynamic executable content from the BIOS all the way up into the application layer. In effect, we show that many of the Microsoft NGSCB guarantees can be obtained on today's hardware and today's software and that these guarantees do not require a new CPU mode or operating system but merely depend on the availability of an independent trusted entity, a TPM for example. We apply the measurement architecture to a web server application where we show how our system can detect undesirable invocations, such as rootkit programs, and that measurement is practical in terms of the number of measurements taken and the performance impact of making them.
By: Reiner Sailer, Xiaolan Zhang, Trent Jaeger, Leendert Van Doorn
Published in: Proceedings of the 13th USENIX Security Symposium. Berkeley, CA, , USENIX Association. , p.223-38 in 2004
Please obtain a copy of this paper from your local library. IBM cannot distribute this paper externally.
Questions about this service can be mailed to reports@us.ibm.com .