Abstract

In trustworthy systems, object reuse requirements extend to all forms of memory on the platform and can include volatile elements such as RAM, cache, I/O device registers, and certain controllers. To ensure that residual information is not accessible from one session to another, these regions must be either protected or purged. In situations where the operating system cannot be trusted to meet object reuse requirements, an alternative is needed. In this paper, we address the object reuse problem in volatile memory. A reboot includes a power cycle, which ensures that sensitive information in volatile memory is purged, whereas a software initiated reboot does not. How can we prove that a hard reboot has occurred? To our knowledge, it is not possible for a remote entity using currently available technology, to sense whether a hard reboot has occurred on an PC client, e.g. between communication sessions. We propose a hardware-assisted design that uses a secure coprocessor to sense the reboot type of the host platform and that maintains a boot odometer that tracks the sum of hard reboots that have occurred on the host. In addition, secure coprocessor services allow trustworthy attestation to a remote entity, cognizant of a previous boot odometer value, that volatile memory has been purged

Full Text

Paper version not known (Free)

Published Version

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.