Issue No. 01 - January/February (2011 vol. 9)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2011.15
Joshua Schiffman , Pennsylvania State University
Thomas Moyer , Pennsylvania State University
Trent Jaeger , Pennsylvania State University
Patrick McDaniel , Pennsylvania State University
Administrators of large datacenters often require network installation mechanisms, such as disk cloning over the network, to manage the integrity of their machines. However, network-based installation is vulnerable to a variety of attacks, including compromised machines responding to installation requests with malware. To enable verification that running machines were installed correctly, the Network-Based Root of Trust for Installation (netROTI, for short) binds the state of a system to its installer and disk image. Evaluation results show that a netROTI installation adds about 8 seconds overhead plus 3 percent of image download time to a standard network install and thwarts many known attacks against the installation process.
trusted computing, security, network-installation
J. Schiffman, T. Moyer, T. Jaeger and P. McDaniel, "Network-Based Root of Trust for Installation," in IEEE Security & Privacy, vol. 9, no. , pp. 40-48, 2011.