
Policy Driven Remote Attestation

  • Conference paper

Abstract

Increasingly, organisations need to exchange and share data amongst their employees as well as with other organisations. This data is often sensitive and/or confidential, and access to it needs to be protected. Architectures to protect disseminated data have been proposed earlier, but the absence of a trusted enforcement point on the end-user machine undermines the system's security, because an adversary can modify critical software components. In this paper, we present a policy-driven approach that allows us to prove the integrity of a system and that decouples authorisation logic from remote attestation.




Copyright information

© 2012 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Gopalan, A., Gowadia, V., Scalavino, E., Lupu, E. (2012). Policy Driven Remote Attestation. In: Prasad, R., Farkas, K., Schmidt, A.U., Lioy, A., Russello, G., Luccio, F.L. (eds) Security and Privacy in Mobile Information and Communication Systems. MobiSec 2011. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 94. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30244-2_13


  • DOI: https://doi.org/10.1007/978-3-642-30244-2_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-30243-5

  • Online ISBN: 978-3-642-30244-2

  • eBook Packages: Computer Science, Computer Science (R0)
