App Attestation Service: A Runtime Remote Attestation for User-mode Processes on Windows
Ensuring the integrity of software components during system boot is crucial for establishing trust in a computing system. Various technologies, including UEFI Secure Boot, Trusted Boot, and Measured Boot, focus on securing the bootstrapping process, creating a chain of trust from the firmware to the kernel and device drivers. However, this chain of trust typically ends once the operating system is running. Techniques like Integrity Measurement Architecture (IMA) and Policy-Reduced Integrity Measurement Architecture (PRIMA) aim to extend this trust to the application layer, measuring the integrity of user-mode applications after the bootstrapping process on Linux/SELinux platforms. However, there exists a gap in the chain of trust in the Windows operating system. This thesis proposes a novel model for measuring the integrity of user-mode processes on Windows and explores how Remote Attestation can be utilized for the application layer.
History
Date
2024-05-03Degree Type
- Master's Thesis
Department
- Information Networking Institute
Degree Name
- Master of Science (MS)