Method of Data Service Integrity Verification Based on Remote Attestation
CLC Number: TP311

    Abstract:

    As an important production factor, data needs to be exchanged between different entities to create value. In this process, data integrity must be ensured; in other words, data must not be tampered with without authorization, as such tampering may lead to extremely serious consequences. Existing work preserves data evidence by combining distributed ledgers with data encryption and verification technology, ensuring the integrity of the data to be exchanged during transmission, storage, and other related data processing phases. However, such work has difficulty confirming the integrity of the data provided by the data supplier. Once the data supplier provides forged data, all subsequent integrity assurance is meaningless. Therefore, this study proposes a method for verifying the integrity of data services based on remote attestation. Using the trusted execution environment as the trust anchor, the method can measure and verify the integrity of the static code, execution process, and execution result of a specific data service. It also optimizes the integrity verification of a specific data service through program slicing, thus extending the scope of data integrity assurance to the point in time when the data supplier provides the data. A series of experiments is carried out on 25 data services of three real Java information systems to validate the proposed method.

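Citation:

Zhang Su, Zhang Ying, Zhang Wei, Huang Gang. Method of Data Service Integrity Verification Based on Remote Attestation. Journal of Software, 2024, 35(11): 4949-4972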

History
  • Received: February 26, 2023
  • Revised: April 20, 2023
  • Online: November 08, 2023
  • Published: November 06, 2024
Copyright: Institute of Software, Chinese Academy of Sciences Beijing ICP No. 05046678-4
Address:4# South Fourth Street, Zhong Guan Cun, Beijing 100190,Postal Code:100190
Phone:010-62562563 Fax:010-62562533 Email:jos@iscas.ac.cn
Technical Support:Beijing Qinyun Technology Development Co., Ltd.

Beijing Public Network Security No. 11040202500063