
Privacy Enhanced Trusted Network Connect

Conference paper

Trusted Systems (INTRUST 2009)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 6163)

Abstract

Network Access Control (NAC) approaches like the Trusted Computing Group’s (TCG) Trusted Network Connect (TNC) enable the verification of the integrity of computing systems (also referred to as NAC assessment) both in an interoperable and fine-grained manner. Currently, the decision regarding which integrity aspects of a computing system must be verified in order to gain network access is solely made by the network operator who establishes appropriate policies. Thus the network is potentially able to read arbitrary data on the endpoint during NAC assessment. A generic mechanism allowing the user of an endpoint to control which integrity aspects of his computing system are permitted to be measured and verified by a NAC solution does not exist. We propose a solution to the problem described above: Client-side Policies. In this paper, we describe the concept of Client-side Policies and define an extension to the TNC framework that allows them to be enforced. Furthermore, we present an implementation that demonstrates the threats that arise in conjunction with NAC assessments. We show how these threats can be mitigated by implementing our Client-side Policy approach.



Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bente, I., Vieweg, J., von Helden, J. (2010). Privacy Enhanced Trusted Network Connect. In: Chen, L., Yung, M. (eds) Trusted Systems. INTRUST 2009. Lecture Notes in Computer Science, vol 6163. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14597-1_8


  • DOI: https://doi.org/10.1007/978-3-642-14597-1_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-14596-4

  • Online ISBN: 978-3-642-14597-1
