Integrity Verification with Trusted Computing Technologies

While most microkernel-based systems implement non-essential software components as user space tasks and strictly separate those tasks during runtime, they often rely on a static configuration and composition of their software components to ensure safety and security.

In our research, we extend a microkernel-based system architecture with a TPM and propose a verification mechanism for a microkernel runtime environment, which calculates integrity measurements before allowing to load (remote) binaries.

As a result, our approach is the first to adopt the main ideas of the Integrity Measurement Architecture (IMA), which has been proposed for Linux-based systems, to a microkernel. In comparison, however, it significantly reduces the Trusted Computing Base (TCB) and allows for a strict separation of the integrity verification component from any rich operating system, such as GNU/Linux or Android, running in parallel.

In our implementation, which is based on L4/Fiasco.OC with L4Re as runtime environment, we present our extension of the existing L4Re loader service that calculates integrity measurements for each binary. We also evaluate our implementation on two ARM-based developer boards and discuss code size, security, and performance of our proposed integrity verification mechanism.

Further information

Fraunhofer AISEC

Fraunhofer Institute for Applied and Integrated Security AISEC under the responsibility of Prof. Dr. Claudia Eckert is one of the leading research institutions in Europe. Fraunhofer AISEC is focused on development of application-oriented security solutions and their precise and tailored integration into existing systems. Core competences of over 90 scientific and technical members of staff lie in the areas of hardware security and the security of embedded systems, product and intellectual property protection, network security, and security in cloud- and service-oriented computing. Fraunhofer AISEC’s clients operate in a variety of industrial sectors, such as the chip card industry, telecommunications, the automotive industry, and mechanical engineering, as well as the software and healthcare industries. The main goal is to support and improve the competitiveness of our clients and partners in the manufacturing and service sectors as well as those in the public sector.

Newsletter Subscribe