CHORS: Hardening High-Assurance Security Systems with Trusted Computing

Abstract

High-assurance security systems require strong isolation from the untrusted world to protect the security-sensitive or privacy-sensitive data they process. Existing regulations impose that such systems must execute in a trustworthy operating system (OS) to ensure they are not collocated with untrusted software that might negatively impact their availability or security. However, the existing techniques to attest to the OS integrity fall short due to the cuckoo attack. We present and formally prove a novel defense against this attack. We implement it as part of an integrity monitoring and enforcement system that attests to the remote OS integrity 3.7× - 8.5× faster than the existing integrity monitoring systems. We demonstrate its practicality by protecting a real-world eHealth application, and performing micro and macro-benchmarks.