Network Access Control (NAC) approaches like the Trusted Computing Group's (TCG) Trusted Network Connect (TNC) enable the verification of the integrity of computing systems (also referred to as NAC assessment) in a manner that is both interoperable and fine-grained. Currently, the decision regarding which integrity aspects of a computing system must be verified in order to gain network access is made solely by the network operator, who establishes appropriate policies. Thus the network is potentially able to read arbitrary data on the endpoint during NAC assessment. A generic mechanism allowing the user of an endpoint to control which integrity aspects of his computing system are permitted to be measured and verified by a NAC solution does not exist. We propose a solution to this problem: Client-side Policies. In this paper, we describe the concept of Client-side Policies and define an extension to the TNC framework that allows them to be enforced. Furthermore, we present an implementation that demonstrates the threats that arise in conjunction with NAC assessments. We show how these threats can be mitigated by implementing our Client-side Policy approach.