research-article

TEEMo: trusted peripheral monitoring for optical networks and beyond

Authors:

Marcel Busch,

Ralph Schlenk,

Hans HeckelAuthors Info & Claims

SysTEX '19: Proceedings of the 4th Workshop on System Software for Trusted Execution

Article No.: 7, Pages 1 - 6

https://doi.org/10.1145/3342559.3365339

Published: 27 October 2019 Publication History

Get Access

Abstract

Recent trends like edge computing move metro and core network elements from access restricted back offices to data centers where their attack surface is exposed to a larger audience. These trends increase the need for means of monitoring these network elements' peripherals in a secure and untampered way.

In this paper we introduce the use case of trusted peripheral monitoring on optical network elements. For network operators it is important to keep an untampered log of their network's configuration. But the effective settings can only be retrieved from a network element's hardware itself requiring the retrieval process to be trusted.

We propose TEEMo, an infrastructure for trusted peripheral monitoring for embedded devices based on ARM Trust-Zone. TEEMo establishes a trusted path between peripheral configuration lookup and reporting to a remote log server and reports the current configuration on an interval basis. We present a case study of porting TEEMo to an existing commercial networking product and share our experiences. Finally, we evaluate the performance of the solution and discuss the additional security.

References

[1]

Silvano Frigerio, Alberto Lometti, Juergen Rahn, Stephen Trowbridge, and Eve L. Varma. 2010. Realizing the optical transport networking vision in the 100 Gb/s era. Bell Labs Technical Journal 14, 4 (2010), 163--192.

Digital Library

Google Scholar

[2]

Marija Furdek, Nina Skorin-Kapov, Marko Bosiljevac, and Zvonimir Šipuš. 2010. Analysis of crosstalk in optical couplers and associated vulnerabilities. In The 33rd Internat. Convention MIPRO. IEEE, 461--466.

Google Scholar

[3]

Matthias Gunkel, Arnold Mattheus, Felix Wissel, Antonio Napoli, João Pedro, Nelson Costa, Talha Rahman, Gianluca Meloni, Francesco Fresi, Filippo Cugini, et al. 2015. Vendor-interoperable elastic optical interfaces: Standards, experiments, and challenges. Journal of Optical Communications and Networking 7, 12 (2015), B184--B193.

Crossref

Google Scholar

[4]

Vishal Karande, Erick Bauman, Zhiqiang Lin, and Latifur Khan. 2017. Sgx-log: Securing system logs with sgx. In Proc. of the 2017 ACM on Asia Conference on Computer and Communications Security. ACM, 19--30.

Digital Library

Google Scholar

[5]

Seungho Lee, Wonsuk Choi, Hyo Jin Jo, and Dong Hoon Lee. 2019. How to Securely Record Logs based on ARM TrustZone. In Proc. of the 2019 ACM Asia Conference on Computer and Communications Security, AsiaCCS 2019, Auckland, New Zealand, July 09--12, 2019. 664--666.

Digital Library

Google Scholar

[6]

Matthew Lentz, Rijurekha Sen, Peter Druschel, and Bobby Bhattacharjee. 2018. Secloak: Arm trustzone-based mobile peripheral control. In Proc. of the 16th Annual International Conference on Mobile Systems, Applications, and Services. ACM, 1--13.

Digital Library

Google Scholar

[7]

He Liu, Stefan Saroiu, Alec Wolman, and Himanshu Raj. 2012. Software abstractions for trusted sensors. In Proc. of the 10th international conference on Mobile systems, applications, and services. ACM, 365--378.

Digital Library

Google Scholar

[8]

Renju Liu and Mani B. Srivastava. 2017. PROTC: PROTeCting Drone's Peripherals through ARM TrustZone. In Proc. of the 3rd Workshop on Micro Aerial Vehicle Networks, Systems, and Applications, DroNet@MobiSys 2017, Niagara Falls, NY, USA, June 23, 2017. 1--6.

Digital Library

Google Scholar

[9]

Nokia. 2019. Secure optical transport with the 1830 Photonic Service Switch. Whitepaper. https://resources.nokia.com/asset/194463.

Google Scholar

Cited By

View all

Li ZMashima DOng WEsiner EKalbarczyk ZChang EQuek TGao DZhou JCardenas A(2024)On Practicality of Using ARM TrustZone Trusted Execution Environment for Securing Programmable Logic ControllersProceedings of the 19th ACM Asia Conference on Computer and Communications Security10.1145/3634737.3645002(947-961)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1145/3634737.3645002
Röckl JBernsdorf NMüller TQuek TGao DZhou JCardenas A(2024)TeeFilter: High-Assurance Network Filtering Engine for High-End IoT and Edge Devices based on TEEsProceedings of the 19th ACM Asia Conference on Computer and Communications Security10.1145/3634737.3637643(1568-1583)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1145/3634737.3637643
Röckl JLindenmeier CSchulze MMüller T(2024)Conditional Network Availability: Enhancing Connectivity Guarantees for TEE-Based Services2024 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)10.1109/EuroSPW61312.2024.00030(225-233)Online publication date: 8-Jul-2024
https://doi.org/10.1109/EuroSPW61312.2024.00030
Show More Cited By

Index Terms

TEEMo: trusted peripheral monitoring for optical networks and beyond
1. Security and privacy
  1. Systems security
    1. Operating systems security
      1. Trusted computing

Recommendations

Research on Trust Evaluation Model Based on TPM
FCST '09: Proceedings of the 2009 Fourth International Conference on Frontier of Computer Science and Technology

Trusted computing is an important research field in information security and trust evaluation for trust model is the key issue to be resolved. It is great significance for ensuring security of trust model for trusted computing to analyze normally and ...
A Secure and Reliable Platform Configuration Change Reporting Mechanism for Trusted Computing Enhanced Secure Channels
ICYCS '08: Proceedings of the 2008 The 9th International Conference for Young Computer Scientists

The security of well established secure channel technologies like transport layer security (TLS) or IP security (IPSec) can be significantly improved by emerging concepts like Trusted Computing. The use of trusted platform modules (TPMs) offers new ...
Credibility Attestation of Property Remote Attestation Method
FITME '09: Proceedings of the 2009 Second International Conference on Future Information Technology and Management Engineering

During the realizing process of remote attestation, except for using trusted computing technology to protect physical security, storage security and operation security of certifier, cipher mechanism need to be combined to ensure the credibility of ...

Comments

Information & Contributors

Information

Published In

SysTEX '19: Proceedings of the 4th Workshop on System Software for Trusted Execution

October 2019

42 pages

ISBN:9781450368889

DOI:10.1145/3342559

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 27 October 2019

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

SOSP '19

SOSP '19: ACM SIGOPS 27th Symposium on Operating Systems Principles

October 27, 2019

Ontario, Huntsville, Canada

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
154
Total Downloads

Downloads (Last 12 months)15
Downloads (Last 6 weeks)0

Reflects downloads up to 06 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Li ZMashima DOng WEsiner EKalbarczyk ZChang EQuek TGao DZhou JCardenas A(2024)On Practicality of Using ARM TrustZone Trusted Execution Environment for Securing Programmable Logic ControllersProceedings of the 19th ACM Asia Conference on Computer and Communications Security10.1145/3634737.3645002(947-961)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1145/3634737.3645002
Röckl JBernsdorf NMüller TQuek TGao DZhou JCardenas A(2024)TeeFilter: High-Assurance Network Filtering Engine for High-End IoT and Edge Devices based on TEEsProceedings of the 19th ACM Asia Conference on Computer and Communications Security10.1145/3634737.3637643(1568-1583)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1145/3634737.3637643
Röckl JLindenmeier CSchulze MMüller T(2024)Conditional Network Availability: Enhancing Connectivity Guarantees for TEE-Based Services2024 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)10.1109/EuroSPW61312.2024.00030(225-233)Online publication date: 8-Jul-2024
https://doi.org/10.1109/EuroSPW61312.2024.00030
Eichler CRöckl JJung BSchlenk RMüller THönig T(2024)Profiling with trust: system monitoring from trusted execution environmentsDesign Automation for Embedded Systems10.1007/s10617-024-09283-128:1(23-44)Online publication date: 1-Mar-2024
https://dl.acm.org/doi/10.1007/s10617-024-09283-1
Jung BEichler CRockl JSchlenk RHonig TMuller T(2022)Trusted Monitor: TEE-Based System Monitoring2022 XII Brazilian Symposium on Computing Systems Engineering (SBESC)10.1109/SBESC56799.2022.9964869(1-8)Online publication date: 21-Nov-2022
https://doi.org/10.1109/SBESC56799.2022.9964869

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Research on Trust Evaluation Model Based on TPM

A Secure and Reliable Platform Configuration Change Reporting Mechanism for Trusted Computing Enhanced Secure Channels

Credibility Attestation of Property Remote Attestation Method

Comments

Published In

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Other Metrics

Article Metrics

Other Metrics

Cited By

Login options

Full Access

PDF

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Research on Trust Evaluation Model Based on TPM

A Secure and Reliable Platform Configuration Change Reporting Mechanism for Trusted Computing Enhanced Secure Channels

Credibility Attestation of Property Remote Attestation Method

Comments

Information

Published In

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations