The International Arab Journal of Information Technology (IAJIT)


Testing and Evaluation of a Secure Integrity Measurement System (SIMS) for Remote Systems

  We  have  designed  a  novel  system  called  a  Secure  In tegrity  Measurement  System  (SIMS)  to  provide  a  prac tical  integrity  for  flexible  and  traditional  remote  syste ms.  SIMS  is  not  only  targeted  for  Linux,  but  it  can   also  be  used  for  different  operating  systems  such  as  Windows,  and  UNIX.  All  an d  executable  content  that  are  loaded  onto  any  operating  system  is  measured before execution. These measurements are p rotected by a secure Database Management System (DB MS) rather than  using  Trusted  Platform  Module  (TPM)  that  is  part  of   the  Trusted  Computing  Group  (TCG)  standards.  The  p roposed  system  can measure the executable content from the BIOS an d the content that is generated at the application layer. Note our system  does  not  require  any  special  hardware  such  TCG  or  a   new  CPU  mode  or  an  operating  system.  In  this  paper ,  a  set  of  experiments  are  carried  out  to  meet  the  security  an d  performance  objectives.  We  have  shown  with  the  sy stem  evaluation  that  the  SIMS  can  provide  a  tamper  detection,  and  recove ry  to  different  kinds  of  content.  The  SIMS  can  efficiently  and  correctly  determine if the executable content has been tamper ed with.   

[1] Alexander D., Arbaugh W., Keromytis A., and Smith J., Safety and Security of Programmable Network Infrastructures, IEEE Communications Magazine , vol. 36, no. 10, pp. 84-92, 1998.

[2] Alkassar A., Stuble C., and Sadeghi A., Secure Object Identification or Solving the Chess Grandmaster Problem, in Proceedings of the Workshop on New Security Paradigms , USA, pp. 77-85, 2003.

[3] Arbaugh W., Farber D., and Smith J., A Secure and Reliable Bootstrap Architecture, in Proceedings of Security and Privacy, IEEE Symposium , USA, pp. 0-65, 1997.

[4] Bond M., Attacks on Crypto Processor Transaction Sets, in Proceedings of the 3 rd International Workshop on Cryptographic Hardware and Embedded Systems , Springer- Verlag, pp. 220-234, 2001.

[5] Brown A. and Seltzer M., Operating System Benchmarking in the Wake of Lmbench: A Case Study of the Performance of NetBSD on the Intel x86 Architecture, in Proceedings of the ACM SIGMETRICS Conference on Measurement and Modeling of Computer Systems , USA, pp. 214- 224, 1997.

[6] Chaum D., Distance-Bounding Protocols Extended Abstract, in Proceedings of EUROCRYPT, Lecture Notes in Computer Science , Springer-Verlag, pp. 344-359, 1993.

[7] Dyer J., Lindemann M., Perez R., Sailer R., VanDoorn L., Smith S., and Weingart S., Building the IBM 4758 Secure Coprocessor, Journal of IEEE Computer Society , vol. 34, no. 10, pp. 57-66, 2001.

[8] Garriss S., C aceres R., Berger S., Sailer R., VanDoorn L., and Zhang X., Trustworthy and Personalized Computing on Public Kiosks, in Proceedings of the 6 th International Conference on Mobile Systems, Applications and Services , USA, pp. 199-210, 2008.

[9] Iliev A. and Smith S., Protecting Client Privacy with Trusted Computing at the Server, Computer Journal of IEEE Security and Privacy , vol. 3, no. 2, pp. 20-28, 2005.

[10] Loscocco P., Wilson P., Pendergrass J., and McDonell C., Linux Kernel Integrity Measurement using Contextual Inspection, in Proceedings of the ACM Workshop on Scalable Trusted Computing , USA, pp. 21-29, 2007.

[11] McCune J., Parno B., Perrig A., Reiter M., and Isozaki H., Flicker: An Execution Infrastructure for TCB Minimization, in Proceedings of the 3 rd ACM SIGOPS/EuroSys European Conference on Computer Systems , USA, pp. 315-328, 2008.

[12] Nakamura M. and Munetoh S., Designing a Trust Chain for a Thin Client on a Live Linux Cd, in Proceedings of the ACM Symposium on Applied Computing , USA, pp. 1605-1606, 2007.

[13] Parno B., Bootstrapping Trust in a Trusted Platform, in Proceedings of the 3 rd Conference on Hot Topics in Security , USA, pp. 1-6, 2008.

[14] Sailer R., Zhang X., Jaeger T., and Vandoorn L., Design and Implementation of a TCG-Based Integrity Measurement Architecture, in Proceedings of USENIX Security Symposium , USA, pp. 223-238, 2004.

[15] Smith S. and Weingart S., Building a High- Performance Programmable Secure Coprocessor, Journal of Computer Network , vol. 31, no. 9, pp. 831-860, 1999.

[16] Smith S., Gollmann D., Karjoth G., and Waidner M., Outbound Authentication for Programmable Secure Coprocessors, Journal of Lecture Notes in Computer Science , vol. 2502, no. 1, pp. 72-89, 2002.

[17] Smith S., Outbound Authentication for Programmable Secure Coprocessors, in Proceedings of the 7 th European Symposium on Research in Computer Security , Springer- Verlag, pp. 72-89, 2002.

[18] Thober M., Pendergrass J., and McDonell C., Improving Coherency of Runtime Integrity Measurement, in Proceedings of the 3 rd ACM Workshop on Scalable Trusted Computing , USA, pp. 51-60, 2008.

[19] Trusted Computing Group, Trusted Platform Module Main Specification, Part 1: Design Principles, Part 2: TPM Structures, Part 3: Commands, Version 1.2, Revision 62, 2003.

[20] Trusted Computing Group, available at:, last visited 2010. 242 The International Arab Journal of Information Techn ology, Vol. 9, No. 3, May 2012 Shadi Aljawarneh holds a BSc degree in computer science from Yarmouk University in Jordan, a MSc degree in information technology from Western Sydney University and a PhD in software engineering from Northumbria University-England. He is currently assistant prof. in faculty of IT in Isra University, Jordan where he h as worked since 2008. His research is centered in web and network security, e-learning, bioinformatics, and I CT fields. Aljawarneh has presented at and been on the organizing committees for a number of international conferences and is a board member of the Internatio nal Community for ACM, ACS, and others. Abdullah Alhaj he awarded the BSc and MSc degree in computer engineering from Lvov Polytechnic Institute Lvov, USSR in 1988. Between 1991 and 1996 he worked for the Ministry of Education and Altahaddi University, Libya. Later, in 1997 to 2007 he worked as a lecturer for the Min istry of Higher Education (Colleges of education and appl ied sciences) in Sultanate of Oman. In November 2007 he got his PhD in computer network security from the University of Bradford, UK. His main expertise and areas of interest are in computer networks, network security and computer architecture. He is currently an assistant professor in computer science department, faculty of science and IT, University of Jordan, Aq aba, Jordan.