SCARR: A Novel Scalable Runtime Remote Attestation
share
Runtime remote attestation is a technique that allows to validate the correct execution of a program on a remote device. This is a mechanism that protects against runtime exploitations. One of these is control-flow attack, which exploits memory corruptions errors. To mitigate control-flow attacks, current defense strategies rely on control-flow integrity checks or on address space layout randomization (ASLR), unfortunately, these solutions are commonly bypassed by adversaries. Recently, researches proposed runtime remote attestation schemes that work for small programs or for embedded systems, but current approaches are not suitable for complex software like web-servers. In this work, we present SCARR: the first SCAlable Runtime Remote attestation that is designed for complex software, which might involve multi-threading programming, ASLR, and operating system signals. Unlike previous approaches, SCARR can model valid program execution paths in a scalable way and it is also suitable for monitoring virtual machines in cloud environments. We developed our idea in a proof-of-concept example and deployed it over a set of popular software. As a result, SCARR monitors remote software execution by only doubling the execution time compared to the original program, and it can efficiently deals with large applications by using a small number of measurements
READ FULL TEXT