Uclinux: a linux security module for trusted-computing-based usage controls enforcement
Proceedings of the 2007 ACM workshop on Scalable trusted computing
Behavioral attestation for web services (BA4WS)
Proceedings of the 2008 ACM workshop on Secure web services
Editorial: Model-Driven Development for secure information systems
Information and Software Technology
A decade of model-driven security
Proceedings of the 16th ACM symposium on Access control models and technologies
Not Ready for Prime Time: A Survey on Security in Model Driven Development
International Journal of Secure Software Engineering
Behavioral Attestation for Web Services Based Business Processes
International Journal of Web Services Research
Behavioral Attestation for Web Services using access policies
Multimedia Tools and Applications
Hi-index | 0.00 |
Existing approaches for Trust Management through soft- ware alone by their very principle are uncompromising and have inherent weaknesses. Once the information leaves the service provider platform, there is no way to guaran- tee the integrity of the information on the client (or service requestor) platform. The Trusted Computing Group pro- posed a quantum leap in security, a hardware based "root of trust" by which the integrity of a platform be a client or service provider can be verified. However, there is no approach for the integration of this novel but essentially straight forward concept into the distributed application de- velopment. We believe that the complexity of Trusted Com- puting (TC) is one of the key factors that will hinder its suc- cessful integration within the web services based distributed application realm. Model-driven techniques offer a promis- ing approach to alleviate the complexity of platforms. This contribution has three objectives. First, we detail SECTET a model-driven framework for leveraging TC concepts at a higher level of abstraction. We secondly elaborate the integration of platform-independent XACML policies with the platform-specific SELinux policies. Thirdly, we share our experiences regarding the implementation results of the SECTET on TC based systems.