Network-Based Root of Trust for Installation

Date Added: Oct 2010
Format: PDF

Administrators of large data centers often require network installation mechanisms, such as disk cloning over the network, to manage the integrity of their machines. However, network-based installation is vulnerable to a variety of attacks, including compromised machines responding to installation requests with malware. To enable verification that running machines were installed correctly, the authors propose a network-based Root of Trust for Installation (netROTI), an installer that binds the state of a system to its installer and disk image. Their evaluation demonstrates that a netROTI installation adds about 8 seconds of overhead plus 3% of image download time to a standard network install and thwarts many known attacks against the installation process.