Network-Based Root of Trust for Installation
Administrators of large data centers often require network installation mechanisms, such as disk cloning over the network, to manage the integrity of their machines. However, network-based installation is vulnerable to a variety of attacks, including compromised machines responding to installation requests with malware. To enable verification that running machines were installed correctly, the authors propose a network-based Root of Trust for Installation (netROTI), an installer that binds the state of a system to its installer and disk image. Their evaluation demonstrates that a netROTI installation adds about 8 seconds of overhead plus 3% of image download time to a standard network install and thwarts many known attacks against the installation process.