Abstract
Increasingly, organisations need to exchange and share data amongst their employees as well as with other organisations. This data is often sensitive and/or confidential, and access to it needs to be protected. Architectures to protect disseminated data have been proposed earlier, but the absence of a trusted enforcement point on the end-user machine undermines the system's security, because an adversary can modify critical software components. In this paper, we present a policy-driven approach that allows us to prove the integrity of a system and that decouples authorisation logic from remote attestation.
Copyright information
© 2012 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Gopalan, A., Gowadia, V., Scalavino, E., Lupu, E. (2012). Policy Driven Remote Attestation. In: Prasad, R., Farkas, K., Schmidt, A.U., Lioy, A., Russello, G., Luccio, F.L. (eds) Security and Privacy in Mobile Information and Communication Systems. MobiSec 2011. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 94. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30244-2_13
DOI: https://doi.org/10.1007/978-3-642-30244-2_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-30243-5
Online ISBN: 978-3-642-30244-2
eBook Packages: Computer Science, Computer Science (R0)