Veto: Prohibit Outdated Edge System Software from Booting
Abstract
Edge computing emerges as a trend, forming a link between the Internet of Things and cloud-based services.
Large-scale edge deployments are already in place today in the context of communication network providers
that offload more and more tasks to the edge to ensure high flexibility and low latencies. By relying on remote
attestation and disk encryption techniques, we design a novel system architecture that protects confidential
data on edge nodes in the case of device theft. Recent vulnerabilities like Ripple20 and Amnesia:33 show the
consequences and costs of critical security bugs stemming from outdated system software. Thus, we design
our system in a way that a node can derive its decryption key if and only if a trusted remote party (e.g., a
network operator) can verify that it is running the latest software. This is a security feature that prevalent
implementations like Linux’s dm-crypt lack. To secure the early-boot communication, we rely on a trusted
execution environment, hardware offloading, and Rust device drivers. We prototype our system on two recent
ARMv8 devices and show that the performance overhead (≈ 2%) and the boot delay (1s) are low. Thus, we
believe that our concept is a meaningful step towards more secure future edge devices.
mehrMehr zum Titel
| Titel | Veto: Prohibit Outdated Edge System Software from Booting |
|---|---|
| Medien | Proceedings of the 9th International Conference on Information Systems Security and Privacy (ICISSP 2023) |
| Verlag | SciTePress |
| ISBN | 978-989-758-624-8; ISSN 2184-4356 |
| Verfasser | Jonas Röckl, Adam Wagenhäuser, Prof. Dr. Tilo Müller |
| Seiten | 46-57 |
| Veröffentlichungsdatum | 23.02.2023 |
| Zitation | Röckl, Jonas; Wagenhäuser, Adam; Müller, Tilo (2023): Veto: Prohibit Outdated Edge System Software from Booting. Proceedings of the 9th International Conference on Information Systems Security and Privacy (ICISSP 2023), 46-57. DOI: 10.5220/0011627700003405 |