14th International Conference on Software QA and Testing on Embedded Systems (QA&Test)
QA&Test, 14th edition, Bilbao, Spain, 16-18 October 2015
In this paper we describe a novel approach to securely obtain measurements
with respect to the integrity of software running on a low-cost and
low-power computing node on demand. We propose to use these measurements
as an indication of the trustworthiness of that node. Our approach is
based on recent developments in Program Counter Based Access Control.
Specifically, we employ Sancus, a light-weight hardware-only Trusted
Computing Base and Protected Module Architecture, to integrate trust
assessment modules into an untrusted embedded OS without using a
hypervisor. Sancus ensures by means of hardware extensions that code and
data of a protected module cannot be tampered with, and that the module's
data remains confidential. Sancus further provides cryptographic
primitives that are employed by our approach to enable the trust management
system to verify that the obtained trust metrics are authentic and fresh.
Thus, our trust assessment modules can inspect the OS or application code
and securely report trust metrics to an external trust management system.
We outline a prototype implementation of our approach that integrates
Sancus-protected trust assessment modules with the Contiki OS, running on a
Sancus-enabled TI MSP430 microcontroller.
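The on-demand measurement and verification exchange sketched above, as an added illustrative example rather than the paper's own code: a challenge nonce gives freshness, a keyed tag over nonce and measurement gives authenticity, and the trust management system compares the measurement with a known-good reference. HMAC-SHA256 and the inline code region and key are stand-ins assumed for this example; Sancus's real hardware-derived module keys and primitives differ.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for the OS/application code region the trust assessment
# module inspects; a real module would read this from the node's memory.
OS_CODE_REGION = bytes.fromhex("4130" * 16)

# Constructed module key. In Sancus the module key is derived in hardware and is
# shared only with the software provider, never exposed to the untrusted OS.
MODULE_KEY = b"constructed-module-key-for-example-only"


def measure(region: bytes) -> bytes:
    """Trust assessment module: integrity measurement of the inspected region."""
    return hashlib.sha256(region).digest()


def attest(region: bytes, nonce: bytes, key: bytes = MODULE_KEY):
    """Protected module side: measure on demand and bind the result to the nonce."""
    m = measure(region)
    tag = hmac.new(key, nonce + m, hashlib.sha256).digest()
    return m, tag


class TrustManager:
    """External trust management system: issues nonces and verifies reports."""

    def __init__(self, expected: bytes, key: bytes = MODULE_KEY):
        self.expected = expected      # known-good measurement of the deployed code
        self.key = key
        self.outstanding = set()      # nonces issued but not yet answered

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, nonce: bytes, measurement: bytes, tag: bytes) -> str:
        if nonce not in self.outstanding:
            return "replay"           # unknown or already-used nonce: not fresh
        self.outstanding.discard(nonce)   # each nonce is accepted once
        expected_tag = hmac.new(self.key, nonce + measurement, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected_tag):
            return "forged"           # not produced by the protected module
        if not hmac.compare_digest(measurement, self.expected):
            return "tampered"         # authentic report, but the code has changed
        return "trusted"
```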