



























We propose Remote Attestation with TOCTOU Avoidance (RATA): a provably secure approach to address the RA TOCTOU problem. With RATA, even malware that erases itself before execution of the next RA, can not hide its ephemeral presence. RATA targets hybrid RA architectures (implemented as Hardware/Software co-designs), which are aimed at low-end embedded devices. We present two alternative techniques - RATAa and RATAb - suitable for devices with and without real-time clocks, respectively. Each is shown to be secure and accompanied by a publicly available and formally verified implementation. Our evaluation demonstrates low hardware overhead of both techniques. Compared with current RA architectures - that offer no TOCTOU protection - RATA incurs no extra runtime overhead. In fact, RATA substantially reduces computational costs of RA execution.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。