Trusted isolation environment: an attestation architecture with usage control model

Authors:
Anbang Ruan;Qingni Shen;Liang Gu;Li Wang;Lei Shi;Yahui Yang;Zhong Chen
Affiliations:
School of Software and Microelectronics, Peking University, Beijing, China;School of Software and Microelectronics, Peking University, Beijing, China;Key Laboratory of High Confidence Software Technologies, Peking University, Beijing, China;School of Software and Microelectronics, Peking University, Beijing, China;Key Laboratory of High Confidence Software Technologies, Peking University, Beijing, China;School of Software and Microelectronics, Peking University, Beijing, China;School of Software and Microelectronics, Peking University, Beijing, China
Venue:
ICICS'09 Proceedings of the 11th international conference on Information and Communications Security
Year:
2009

Citing 13
Cited 0

Terra: a virtual machine-based platform for trusted computing

SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
The UCONABC usage control model

ACM Transactions on Information and System Security (TISSEC)
BIND: A Fine-Grained Attestation Service for Secure Distributed Systems

SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Property-based attestation for computing platforms: caring about properties, not mechanisms

NSPW '04 Proceedings of the 2004 workshop on New security paradigms
PRIMA: policy-reduced integrity measurement architecture

Proceedings of the eleventh ACM symposium on Access control models and technologies
Design and implementation of a TCG-based integrity measurement architecture

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
The flask security architecture: system support for diverse security policies

SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Towards a VMM-based usage control framework for OS kernel integrity protection

Proceedings of the 12th ACM symposium on Access control models and technologies
SecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes

Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Linux kernel integrity measurement using contextual inspection

Proceedings of the 2007 ACM workshop on Scalable trusted computing
Flicker: an execution infrastructure for tcb minimization

Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
Model-based behavioral attestation

Proceedings of the 13th ACM symposium on Access control models and technologies
Remote attestation on program execution

Proceedings of the 3rd ACM workshop on Scalable trusted computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

The Trusted Computing Group (TCG) proposed remote attestation as a solution for establishing trust among distributed applications. However, current TCG attestation architecture requires challengers to attest to every program loaded on the target platform, which will increase the attestation overhead and bring privacy leakage and other security risks. In this paper, we define a conceptual model called the Trusted Isolation Environment (TIE) to facilitate remote attestation. We then present the implementation of TIE with our tailored Usage CONtrol model (UCONRA) and a set of system-defined policies. With its continuous and mutable feature and obligation support, we construct the TIE with flexibility. Lastly, we propose our attestation architecture with UCONRA gaining the benefits of scalable and lightweight.