short-paper

Practical Trade-Offs in Integrity Protection for Binaries via Ethereum

Authors:

Oliver Stengele,

Jan Droll,

Hannes HartensteinAuthors Info & Claims

Middleware '20 Demos and Posters: Proceedings of the 21st International Middleware Conference Demos and Posters

Pages 9 - 10

https://doi.org/10.1145/3429358.3429374

Published: 21 December 2020 Publication History

Get Access

Abstract

Ensuring the integrity of executable binaries is of vital importance to systems that run and depend on them. Additionally, supply-chain attacks and security related bugs demonstrate that binaries, once deployed, may need to be revoked and replaced with updated versions.

Recently, blockchain ecosystems have garnered broad attention as middlewares for decentralised solutions to existing problems. Stengele et al. [4] presented a concept how the Ethereum blockchain and peer-to-peer network can be used to ensure the integrity of binaries with timely, accurate, and machine-readable revocations. In this work, we show this concept in practice with a user client implementation in Go and demonstrate how revocations and updates can reliably reach a user client within minutes. We show the client's ability to ensure the integrity of multiple binaries and continuously monitor the Ethereum blockchain for updates and revocations via an unmodified Ethereum client. We also examine the trust relations and trade-offs through our use case. Since the user client fully relies on an Ethereum client as a gateway, the latter's resilience against malicious actors is crucial to consider in a practical deployment.

References

[1]

M. Al-Bassam and S. Meiklejohn. 2018. Contour: A practical system for binary transparency. In Data Privacy Management, Cryptocurrencies and Blockchain Technology. Springer, Cham, 94--110.

Google Scholar

[2]

Y. Liu, W. Tome, L. Zhang, D. Choffnes, D. Levin, B. Maggs, A. Mislove, A. Schulman, and C. Wilson. 2015. An end-to-end measurement of certificate revocation in the web's PKI. In Proceedings of the 2015 Internet Measurement Conference. Association for Computing Machinery, New York, NY, USA, 183--196.

Digital Library

Google Scholar

[3]

K. Nikitin, E. Kokoris-Kogias, P. Jovanovic, N. Gailly, L. Gasser, I. Khoffi, J. Cappos, and B. Ford. 2017. CHAINIAC: Proactive Software-Update Transparency via Collectively Signed Skipchains and Verified Builds. In 26th USENIX Security Symposium (USENIX Security 17). USENIX Association, Vancouver, BC, 1271--1287.

Digital Library

Google Scholar

[4]

O. Stengele, A. Baumeister, P. Birnstill, and H. Hartenstein. 2019. Access Control for Binary Integrity Protection using Ethereum. In Proceedings of the 24th ACM Symposium on Access Control Models and Technologies. Association for Computing Machinery, New York, NY, USA, 3--12.

Digital Library

Google Scholar

Cited By

View all

Stengele OWestermeyer CHartenstein H(2022)Decentralized Review and Attestation of Software Attribute ClaimsIEEE Access10.1109/ACCESS.2022.318504610(66694-66710)Online publication date: 2022
https://doi.org/10.1109/ACCESS.2022.3185046
Schiffl JGrundmann MLeinweber MStengele OFriebe SBeckert BLobo JDi Pietro RChowdhury O(2021)Towards Correct Smart Contracts: A Case Study on Formal Verification of Access ControlProceedings of the 26th ACM Symposium on Access Control Models and Technologies10.1145/3450569.3463574(125-130)Online publication date: 11-Jun-2021
https://dl.acm.org/doi/10.1145/3450569.3463574

Index Terms

Practical Trade-Offs in Integrity Protection for Binaries via Ethereum

Recommendations

Access Control for Binary Integrity Protection using Ethereum
SACMAT '19: Proceedings of the 24th ACM Symposium on Access Control Models and Technologies

The integrity of executable binaries is essential to the security of any device that runs them. At best, a manipulated binary can leave the system in question open to attack, and at worst, it can compromise the entire system by itself. In recent years, ...
BlockVoke – Fast, Blockchain-Based Certificate Revocation for PKIs and the Web of Trust
Information Security
Abstract
A reliable certificate revocation mechanism is crucial, as illustrated by the recent revocation of 1.7 million certificates issued by the Let’s Encrypt certificate authority. It is just as essential to get revocation information to users in an ...
Building dynamic and transparent integrity measurement and protection for virtualized platform in cloud computing
Advanced Topics on Scalable Computing

In the cloud computing infrastructure, there is an increasing demand to maintain and verify the integrity of software stacks running on remote systems and protect users' sensitive data. However, due to the fact that software stacks running on cloud ...

Comments

Information & Contributors

Information

Published In

Middleware '20 Demos and Posters: Proceedings of the 21st International Middleware Conference Demos and Posters

December 2020

15 pages

ISBN:9781450382021

DOI:10.1145/3429358

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 21 December 2020

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Short-paper
Research
Refereed limited

Conference

Middleware '20

Sponsor:

Middleware '20: 21st International Middleware Conference

December 7 - 11, 2020

Delft, Netherlands

Acceptance Rates

Overall Acceptance Rate 203 of 948 submissions, 21%

Upcoming Conference

MIDDLEWARE '24

25th International Middleware Conference

December 2 - 6, 2024

Hong Kong , Hong Kong

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
65
Total Downloads

Downloads (Last 12 months)10
Downloads (Last 6 weeks)2

Reflects downloads up to 03 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Stengele OWestermeyer CHartenstein H(2022)Decentralized Review and Attestation of Software Attribute ClaimsIEEE Access10.1109/ACCESS.2022.318504610(66694-66710)Online publication date: 2022
https://doi.org/10.1109/ACCESS.2022.3185046
Schiffl JGrundmann MLeinweber MStengele OFriebe SBeckert BLobo JDi Pietro RChowdhury O(2021)Towards Correct Smart Contracts: A Case Study on Formal Verification of Access ControlProceedings of the 26th ACM Symposium on Access Control Models and Technologies10.1145/3450569.3463574(125-130)Online publication date: 11-Jun-2021
https://dl.acm.org/doi/10.1145/3450569.3463574

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Access Control for Binary Integrity Protection using Ethereum

BlockVoke – Fast, Blockchain-Based Certificate Revocation for PKIs and the Web of Trust

Building dynamic and transparent integrity measurement and protection for virtualized platform in cloud computing

Comments

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Upcoming Conference

Other Metrics

Article Metrics

Other Metrics

Cited By

Login options

Full Access

PDF

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Access Control for Binary Integrity Protection using Ethereum

BlockVoke – Fast, Blockchain-Based Certificate Revocation for PKIs and the Web of Trust

Building dynamic and transparent integrity measurement and protection for virtualized platform in cloud computing

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Upcoming Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Get Access

Login options

Full Access

View options

PDF

eReader

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations