Article

Layering negotiations for flexible attestation

Authors:

Yasuharu Katsuno,

Sachiko Yoshihama,

Takuya Mishina,

Michiharu KudohAuthors Info & Claims

STC '06: Proceedings of the first ACM workshop on Scalable trusted computing

Pages 17 - 20

https://doi.org/10.1145/1179474.1179480

Published: 03 November 2006 Publication History

Abstract

Recently, much attention has been paid to research on distributed coalitions that establish trust among the members of groups of computing components in distributed environments. The Trusted Virtual Domains (TVD) that our research division is proposing is a new model of a distributed coalition for establishing multiple trusted coalitions of components on nodes in distributed heterogeneous environments. In a large-scale distributed computing environment where many kinds of components exist and there might be difficult situations to agree common attestation methods among all components beforehand, it is necessary to provide each component with flexible attestation according to its usage scenario for increasing the number of components that can participate in TVD.In this paper, we propose a layering negotiation approach. It divides an attestation process into a global attestation phase that verifies that a TVD is fundamentally secure and supporting essential trusted primitives and a local attestation phase that verifies the integrity of a specific component involved in a usage scenario. And, a combination of attestation methods is decided as a result of negotiation between the components for each kind of attestation at each phase. With our approach, the attestation corresponding to a usage scenario can be done flexibly based on the minimal required attestation needed in the TVD, so the component developers can concentrate on the implementation of the higher-level functions.

References

[1]

Trusted Computing Group (TCG), http://www.trustedcomputinggroup.org/.

[2]

Sailer, R., Jaeger, T., Zhang, X., and Doorn, L. V. Attestation-based Policy Enforcement for Remote Access, 11th ACM Conference on Computer and Communications Security (CCS 2004), 2004.

Digital Library

[3]

Meushaw, R. and Simard, D. NetTop: Commercial Technology in High Assurance Applications, Tech Trend Notes Volume 9 Edition 4, National Security Agency, 2000.

[4]

Garfinkel, T., Pfaff, B., Chow, J., Rosenblum, M., and Boneh, D. Terra: A virtual machine-based platform for trusted computing, In Proceedings of the 19th Symposium on Operating System Principles (SOSP 2003), 2003.

Digital Library

[5]

Sailer, R., Jaeger, T., Valdez, E., Cáceres, R., Perez, R., Berger, S., Griffin, J., and Doorn L. V., Building a MAC-based Security Architecture for the Xen Opensource Hypervisor, Annual Computer Security Applications Conference (ACSAC 2005), 2005.

Digital Library

[6]

Barham, P., Dragovic, B., Fraser, K., Hand, S., Harris, T., Ho, A., Neugebauery, R., Pratt, I., and Warfield, A. Xen and the Art of Virtualization, In Proceedings of the nineteenth ACM symposium on Operating systems principles (SOAP'03), 2003.

Digital Library

[7]

Watanabe, Y., Yoshihama, S., Mishina, T., Kudo, M., and Maruyama, H. Bridging the Gap between Inter-Communication Boundary and Inside Trusted Components, to be appeared in the 11th European Symposium On Research In Computer Security (ESORICS 2006), 2006.

Digital Library

[8]

Griffin, J. L., Jaeger, T., Perez, R., Sailer, R., Doorn, L. V., and Caceres, R. Trusted virtual domains: Toward secure distributed services, In IEEE First Workshop on Hot Topics in System Dependability (Hot-Dep2005), 2005.

Digital Library

[9]

Bussani, A., Griffin, J. L., Jansen, B., Julisch, K., Karjoth, G., Maruyama, H., Nakamura, M., Perez, R., Schunter, M., Tanner, A., Doorn, L. V., Herreweghen, E A., Waidner, M., and Yoshihama, S. Trusted Virtual Domains: Secure Foundations For Business and IT Services, IBM Research Report RC23792, 2004.

[10]

Yoshihama, S. Ebringer, T., Nakamura, M., Munetoh, S., and Maruyama, H. WS-attestation: Efficient and fine-grained remote attestation on web services, International Conference on Web Services (ICWS 2005), 2005.

Digital Library

[11]

Sadeghi, A. R. and Stuble, C. Property-based attestation for computing platforms: Caring about properties, not mechanisms, New Security Paradigms Workshop, 2004.

Digital Library

[12]

Haldar, V., Chandra, D., and Franz, M. Semantic Remote Attestation - A Virtual Machine directed approach to Trusted Computing, Virtual Machine Research and Technology Symposium, 2004.

Digital Library

[13]

Berger, S., Cáceres, R., Goldman, K., Perez, R., Sailer, R., Doorn, L. V. vTPM: Virtualizing the Trusted Platform Module, In 15th USENIX Security Symposium, 2006.

Digital Library

[14]

Applied Data Security Group. Trusted GRUB, http://www.prosecco.rub.de/trusted_grub.html.

[15]

McGuinness, D. L. and Harmelen, F. V. Web Ontology Language (OWL): Overview, http://www.w3.org/TR/owl-features/.

Cited By

Coker GGuttman JLoscocco PHerzog AMillen JO’Hanlon BRamsdell JSegall ASheehy JSniffen B(2018)Principles of remote attestationInternational Journal of Information Security10.1007/s10207-011-0124-710:2(63-81)Online publication date: 24-Dec-2018
https://dl.acm.org/doi/10.1007/s10207-011-0124-7
Rajan HHosamani M(2008)TisaIEEE Transactions on Services Computing10.1109/TSC.2008.181:4(201-213)Online publication date: 1-Oct-2008
https://dl.acm.org/doi/10.1109/TSC.2008.18
Wu YBao F(2008)Enriched Trusted Platform and its Application on DRMProceedings of the 2008 Third Asia-Pacific Trusted Infrastructure Technologies Conference10.1109/APTC.2008.10(91-97)Online publication date: 14-Oct-2008
https://dl.acm.org/doi/10.1109/APTC.2008.10
Show More Cited By

Index Terms

Layering negotiations for flexible attestation
1. Security and privacy
  1. Systems security
    1. Operating systems security

Recommendations

Flexible Mechanisms for Remote Attestation

Remote attestation consists of generating evidence of a system’s integrity via measurements and reporting the evidence to a remote party for appraisal in a form that can be trusted. The parties that exchange information must agree on formats and ...
Credibility Attestation of Property Remote Attestation Method
FITME '09: Proceedings of the 2009 Second International Conference on Future Information Technology and Management Engineering

During the realizing process of remote attestation, except for using trusted computing technology to protect physical security, storage security and operation security of certifier, cipher mechanism need to be combined to ensure the credibility of ...
Analysis of existing remote attestation techniques

This paper has been written as a part of the research project that is working towards the implementation of dynamic behavioral attestation for mobile platforms. The motivation behind this paper was to analyze the existing remote attestation techniques ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

STC '06: Proceedings of the first ACM workshop on Scalable trusted computing

November 2006

66 pages

ISBN:1595935487

DOI:10.1145/1179474

General Chair:
Ari Juels
RSA Laboratories
,
Program Chairs:
Gene Tsudik
University of California, Irvine, CA
,
Shouhuai Xu
University of Texas, San Antonio, TX
,
Moti Yung
RSA Labs and Columbia University

Copyright © 2006 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 03 November 2006

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

CCS06

Sponsor:

CCS06: 13th ACM Conference on Computer and Communications Security 2006

November 3, 2006

Virginia, Alexandria, USA

Acceptance Rates

Overall Acceptance Rate 17 of 31 submissions, 55%

Upcoming Conference

CCS '24

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
436
Total Downloads

Downloads (Last 12 months)1
Downloads (Last 6 weeks)0

Reflects downloads up to 03 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Coker GGuttman JLoscocco PHerzog AMillen JO’Hanlon BRamsdell JSegall ASheehy JSniffen B(2018)Principles of remote attestationInternational Journal of Information Security10.1007/s10207-011-0124-710:2(63-81)Online publication date: 24-Dec-2018
https://dl.acm.org/doi/10.1007/s10207-011-0124-7
Rajan HHosamani M(2008)TisaIEEE Transactions on Services Computing10.1109/TSC.2008.181:4(201-213)Online publication date: 1-Oct-2008
https://dl.acm.org/doi/10.1109/TSC.2008.18
Wu YBao F(2008)Enriched Trusted Platform and its Application on DRMProceedings of the 2008 Third Asia-Pacific Trusted Infrastructure Technologies Conference10.1109/APTC.2008.10(91-97)Online publication date: 14-Oct-2008
https://dl.acm.org/doi/10.1109/APTC.2008.10
Coker GGuttman JLoscocco PSheehy JSniffen B(2008)Attestation: Evidence and Trust Information and Communications Security10.1007/978-3-540-88625-9_1(1-18)Online publication date: 20-Oct-2008
https://dl.acm.org/doi/10.1007/978-3-540-88625-9_1
Katsuno YWatanabe YFuruichi SKudo MLotz VThuraisingham B(2007)Chinese-wall process confinement for practical distributed coalitionsProceedings of the 12th ACM symposium on Access control models and technologies10.1145/1266840.1266876(225-234)Online publication date: 20-Jun-2007
https://dl.acm.org/doi/10.1145/1266840.1266876

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents