Verifying trustworthiness of virtual appliances in collaborative environments

Authors:
Cornelius Namiluko;Jun Ho Huh;Andrew Martin
Affiliations:
Oxford University Computing Laboratory, Oxford, UK;Information Trust Institute, University of Illinois at Urbana-Champaign;Oxford University Computing Laboratory, Oxford, UK
Venue:
TRUST'11 Proceedings of the 4th international conference on Trust and trustworthy computing
Year:
2011

Citing 13
Cited 1

The Theory and Practice of Concurrency

The Theory and Practice of Concurrency
Verifying Trustworthiness Requirements in Distributed Systems with Formal Log-file Analysis

HICSS '03 Proceedings of the 36th Annual Hawaii International Conference on System Sciences (HICSS'03) - Track 9 - Volume 9
Workflow Mining: Discovering Process Models from Event Logs

IEEE Transactions on Knowledge and Data Engineering
Design and implementation of a TCG-based integrity measurement architecture

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Conformance checking of processes based on monitoring real behavior

Information Systems
Trusted Logging for Grid Computing

APTC '08 Proceedings of the 2008 Third Asia-Pacific Trusted Infrastructure Technologies Conference
A Process Semantics for BPMN

ICFEM '08 Proceedings of the 10th International Conference on Formal Methods and Software Engineering
Trustable Remote Verification of Web Services

Trust '09 Proceedings of the 2nd International Conference on Trusted Computing
An ECLIPSE Plug-In for Formal Verification of BPMN Processes

CTRQ '10 Proceedings of the 2010 Third International Conference on Communication Theory, Reliability, and Quality of Service
Managing application whitelists in trusted distributed systems

Future Generation Computer Systems
Trusted virtual domains: toward secure distributed services

HotDep'05 Proceedings of the First conference on Hot topics in system dependability
The prom framework: a new era in process mining tool support

ICATPN'05 Proceedings of the 26th international conference on Applications and Theory of Petri Nets
Conformance testing: measuring the fit and appropriateness of event logs and process models

BPM'05 Proceedings of the Third international conference on Business Process Management

Provenance-Based model for verifying trust-properties

TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

Often in collaborative research environments that are facilitated through virtual infrastructures, there are requirements for sharing virtual appliances and verifying their trustworthiness. Many researchers assume that virtual appliances -- shared between known virtual organisations -- are naturally safe to use. However, even if we assume that neither of the sharing parties are malicious, these virtual appliances could still be mis-configured (in terms of both security and experiment requirements) or have out-of-date software installed. Based on formal methods, we propose a flexible method for specifying such security and software requirements, and verifying the virtual appliance events (captured through logs) against these requirements. The event logs are transformed into a process model that is checked against a pre-defined whitelist -- a repository of formal specifications. Verification results indicate whether or not there is any breach of the requirements and if there is a breach, the exact steps leading to it are made explicit.