DARE: A framework for dynamic authentication of remote executions

Erdem Aktas; Kanad Ghose

doi:10.1109/ACSAC.2008.49

DARE: A framework for dynamic authentication of remote executions

Erdem Aktas
, Kanad Ghose

School of Computing

Binghamton University

State University of New York Binghamton University

Research output: Contribution to journal › Conference article › peer-review

2 Scopus citations

Abstract

With the widespread use of the distributed systems comes the need to secure such systems against a wide variety of threats. Recent security mechanisms are grossly inadequate in authenticating the program executions at the clients or servers, as the clients, servers and the executing programs themselves can be compromised after the clients and servers pass the authentication phase. This paper presents a generic framework for authenticating remote executions on a potentially untrusted remote server - essentially validating that what is executed at the server on behalf of the client is actually the intended program. Details of a prototype Linux implementation are also described, along with some optimization techniques for reducing the run-time overhead of the proposed scheme. The performance overhead of our technique varies generally from 7% to 24% for most benchmarks, as seen from the actual remote execution of SPEC benchmarks.

Original language	English
Article number	4721580
Pages (from-to)	453-462
Number of pages	10
Journal	Proceedings - Annual Computer Security Applications Conference, ACSAC
DOIs	https://doi.org/10.1109/ACSAC.2008.49
State	Published - 2008
Event	24th Annual Computer Security Applications Conference, ACSAC 2008 - Anaheim, CA, United States Duration: Dec 8 2008 → Dec 12 2008

Keywords

Computer security
Signature-based authentication
Trusted computing

Access to Document

10.1109/ACSAC.2008.49

Cite this

@article{f98f93ef73c540808296db5b34b4d95b,

title = "DARE: A framework for dynamic authentication of remote executions",

abstract = "With the widespread use of the distributed systems comes the need to secure such systems against a wide variety of threats. Recent security mechanisms are grossly inadequate in authenticating the program executions at the clients or servers, as the clients, servers and the executing programs themselves can be compromised after the clients and servers pass the authentication phase. This paper presents a generic framework for authenticating remote executions on a potentially untrusted remote server - essentially validating that what is executed at the server on behalf of the client is actually the intended program. Details of a prototype Linux implementation are also described, along with some optimization techniques for reducing the run-time overhead of the proposed scheme. The performance overhead of our technique varies generally from 7\% to 24\% for most benchmarks, as seen from the actual remote execution of SPEC benchmarks.",

keywords = "Computer security, Signature-based authentication, Trusted computing",

author = "Erdem Aktas and Kanad Ghose",

year = "2008",

doi = "10.1109/ACSAC.2008.49",

language = "English",

pages = "453--462",

journal = "Proceedings - Annual Computer Security Applications Conference, ACSAC",

issn = "1063-9527",

publisher = "Association for Computing Machinery",

note = "24th Annual Computer Security Applications Conference, ACSAC 2008 ; Conference date: 08-12-2008 Through 12-12-2008",

}

TY - JOUR

T1 - DARE

T2 - 24th Annual Computer Security Applications Conference, ACSAC 2008

AU - Aktas, Erdem

AU - Ghose, Kanad

PY - 2008

Y1 - 2008

N2 - With the widespread use of the distributed systems comes the need to secure such systems against a wide variety of threats. Recent security mechanisms are grossly inadequate in authenticating the program executions at the clients or servers, as the clients, servers and the executing programs themselves can be compromised after the clients and servers pass the authentication phase. This paper presents a generic framework for authenticating remote executions on a potentially untrusted remote server - essentially validating that what is executed at the server on behalf of the client is actually the intended program. Details of a prototype Linux implementation are also described, along with some optimization techniques for reducing the run-time overhead of the proposed scheme. The performance overhead of our technique varies generally from 7% to 24% for most benchmarks, as seen from the actual remote execution of SPEC benchmarks.

AB - With the widespread use of the distributed systems comes the need to secure such systems against a wide variety of threats. Recent security mechanisms are grossly inadequate in authenticating the program executions at the clients or servers, as the clients, servers and the executing programs themselves can be compromised after the clients and servers pass the authentication phase. This paper presents a generic framework for authenticating remote executions on a potentially untrusted remote server - essentially validating that what is executed at the server on behalf of the client is actually the intended program. Details of a prototype Linux implementation are also described, along with some optimization techniques for reducing the run-time overhead of the proposed scheme. The performance overhead of our technique varies generally from 7% to 24% for most benchmarks, as seen from the actual remote execution of SPEC benchmarks.

KW - Computer security

KW - Signature-based authentication

KW - Trusted computing

UR - https://www.scopus.com/pages/publications/60649105958

U2 - 10.1109/ACSAC.2008.49

DO - 10.1109/ACSAC.2008.49

M3 - Conference article

SN - 1063-9527

SP - 453

EP - 462

JO - Proceedings - Annual Computer Security Applications Conference, ACSAC

JF - Proceedings - Annual Computer Security Applications Conference, ACSAC

M1 - 4721580

Y2 - 8 December 2008 through 12 December 2008

ER -

DARE: A framework for dynamic authentication of remote executions

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this