Abstract
Hardware security modules can be used to encapsulate simple security services that bind security functions such as decryption with authorisation and authentication. Such hardware-secured services provide a functional root of trust that can be placed within the context of a wider IT solution, hence enabling strong separation of control and duty.
This paper describes an approach to using such hardware-encapsulated services to create virtual trust domains within a deployed solution. Each trust domain is defined by the hardware protection regime, the service code and the policies under which it is managed. An example is given, showing how a TLS session within a web service environment can be protected and how this service can extend the secure communications into the backend systems.
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Baldwin, A., Shiu, S. (2003). Hardware Encapsulation of Security Services. In: Snekkenes, E., Gollmann, D. (eds) Computer Security – ESORICS 2003. ESORICS 2003. Lecture Notes in Computer Science, vol 2808. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-39650-5_12
DOI: https://doi.org/10.1007/978-3-540-39650-5_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20300-1
Online ISBN: 978-3-540-39650-5
eBook Packages: Springer Book Archive