Role-Based Access Control Models
Computer
Implementing a distributed firewall
Proceedings of the 7th ACM conference on Computer and communications security
Authenticated Operation of Open Computing Devices
ACISP '02 Proceedings of the 7th Australian Conference on Information Security and Privacy
Outbound Authentication for Programmable Secure Coprocessors
ESORICS '02 Proceedings of the 7th European Symposium on Research in Computer Security
Access control with IBM Tivoli access manager
ACM Transactions on Information and System Security (TISSEC)
A secure and reliable bootstrap architecture
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
LOMAC: Low Water-Mark Integrity Protection for COTS Environments
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Terra: a virtual machine-based platform for trusted computing
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Secure coprocessor-based intrusion detection
EW 10 Proceedings of the 10th workshop on ACM SIGOPS European workshop
Peer-to-peer access control architecture using trusted computing technology
Proceedings of the tenth ACM symposium on Access control models and technologies
Hardware-Assisted Circumvention of Self-Hashing Software Tamper Resistance
IEEE Transactions on Dependable and Secure Computing
Secure information sharing enabled by Trusted Computing and PEI models
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
PRIMA: policy-reduced integrity measurement architecture
Proceedings of the eleventh ACM symposium on Access control models and technologies
Layering negotiations for flexible attestation
Proceedings of the first ACM workshop on Scalable trusted computing
Linking remote attestation to secure tunnel endpoints
Proceedings of the first ACM workshop on Scalable trusted computing
Chinese-wall process confinement for practical distributed coalitions
Proceedings of the 12th ACM symposium on Access control models and technologies
Daonity - Grid security from two levels of virtualization
Information Security Tech. Report
A technical architecture for enforcing usage control requirements in service-oriented architectures
Proceedings of the 2007 ACM workshop on Secure web services
Automated detection of persistent kernel control-flow attacks
Proceedings of the 14th ACM conference on Computer and communications security
On the difficulty of validating voting machine software with software
EVT'07 Proceedings of the USENIX Workshop on Accurate Electronic Voting Technology
Toward a Usage-Based Security Framework for Collaborative Computing Systems
ACM Transactions on Information and System Security (TISSEC)
Noninvasive Methods for Host Certification
ACM Transactions on Information and System Security (TISSEC)
A general obligation model and continuity: enhanced policy enforcement engine for usage control
Proceedings of the 13th ACM symposium on Access control models and technologies
Visualization based policy analysis: case study in SELinux
Proceedings of the 13th ACM symposium on Access control models and technologies
Building Trusted Sub-domain for the Grid with Trusted Computing
Information Security and Cryptology
Secure Sharing of an ICT Infrastructure through Vinci
AIMS '08 Proceedings of the 2nd international conference on Autonomous Infrastructure, Management and Security: Resilient Networks and Services
Guest-Transparent Prevention of Kernel Rootkits with VMM-Based Memory Shadowing
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Host-Based Security Challenges and Controls: A Survey of Contemporary Research
Information Security Journal: A Global Perspective
Improving the scalability of platform attestation
Proceedings of the 3rd ACM workshop on Scalable trusted computing
Trustworthy clients: Extending TNC to web-based environments
Computer Communications
Integrity Management Infrastructure for Trusted Computing
IEICE - Transactions on Information and Systems
Measuring Semantic Integrity for Remote Attestation
Trust '09 Proceedings of the 2nd International Conference on Trusted Computing
An Integrity Assurance Mechanism for Run-Time Programs
Information Security and Cryptology
Working set-based access control for network file systems
Proceedings of the 14th ACM symposium on Access control models and technologies
SAConf: Semantic Attestation of Software Configurations
ATC '09 Proceedings of the 6th International Conference on Autonomic and Trusted Computing
Securing elastic applications on mobile devices for cloud computing
Proceedings of the 2009 ACM workshop on Cloud computing security
Wake up or fall asleep-value implication of trusted computing
Information Technology and Management
Detecting code alteration by creating a temporary memory bottleneck
IEEE Transactions on Information Forensics and Security - Special issue on electronic voting
A security-enhanced remote platform integrity attestation scheme
WiCOM'09 Proceedings of the 5th International Conference on Wireless communications, networking and mobile computing
Securing the distribution and storage of secrets with trusted platform modules
WISTP'07 Proceedings of the 1st IFIP TC6 /WG8.8 /WG11.2 international conference on Information security theory and practices: smart cards, mobile and ubiquitous computing systems
New paradigm of inference control with trusted computing
Proceedings of the 21st annual IFIP WG 11.3 working conference on Data and applications security
Content oriented virtual domains for secure information sharing across organizations
Proceedings of the 2010 ACM workshop on Cloud computing security workshop
Managing application whitelists in trusted distributed systems
Future Generation Computer Systems
SCOBA: source code based attestation on custom software
Proceedings of the 26th Annual Computer Security Applications Conference
Enforcing physically restricted access control for remote data
Proceedings of the first ACM conference on Data and application security and privacy
Semantic attestation of node integrity in overlays
OTM'10 Proceedings of the 2010 international conference on On the move to meaningful internet systems - Volume Part I
Attestation of integrity of overlay networks
Journal of Systems Architecture: the EUROMICRO Journal
NetQuery: a knowledge plane for reasoning about network properties
Proceedings of the ACM SIGCOMM 2011 conference
On scalability of remote attestation
Proceedings of the sixth ACM workshop on Scalable trusted computing
Remote software-based attestation for wireless sensors
ESAS'05 Proceedings of the Second European conference on Security and Privacy in Ad-Hoc and Sensor Networks
Using secure coprocessors to protect access to enterprise networks
NETWORKING'05 Proceedings of the 4th IFIP-TC6 international conference on Networking Technologies, Services, and Protocols; Performance of Computer and Communication Networks; Mobile and Wireless Communication Systems
Secure data management in trusted computing
CHES'05 Proceedings of the 7th international conference on Cryptographic hardware and embedded systems
Bridging the gap between inter-communication boundary and internal trusted components
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
TIVA: trusted integrity verification architecture
DRMTICS'05 Proceedings of the First international conference on Digital Rights Management: technologies, Issues, Challenges and Systems
Managing critical infrastructures through virtual network communities
CRITIS'07 Proceedings of the Second international conference on Critical Information Infrastructures Security
Remote attestation on function execution (work-in-progress)
INTRUST'09 Proceedings of the First international conference on Trusted Systems
Surreptitious Deployment and Execution of Kernel Agents in Windows Guests
CCGRID '12 Proceedings of the 2012 12th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (ccgrid 2012)
Policy-sealed data: a new abstraction for building trusted cloud services
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Data usage control enforcement in distributed systems
Proceedings of the third ACM conference on Data and application security and privacy
Design and implementation of an efficient framework for behaviour attestation using n-call slides
Proceedings of the 8th International Conference on Ubiquitous Information Management and Communication
| Hi-index | 0.00 |
Intranet access has become an essential function for corporate users. At the same time, corporation's security administrators have little ability to control access to corporate data once it is released to remote clients. At present, no confidentiality or integrity guarantees about the remote access clients are made, so it is possible that an attacker may have compromised a client process and is now downloading or modifying corporate data. Even though we have corporate-wide access control over remote users, the access control approach is currently insufficient to stop these malicious processes. We have designed and implemented a novel system that empowers corporations to verify client integrity properties and establish trust upon the client policy enforcement before allowing clients (remote) access to corporate Intranet services. Client integrity is measured using a Trusted Platform Module (TPM), a new security technology that is becoming broadly available on client systems, and our system uses these measurements for access policy decisions enforced upon the client's processes. We have implemented a Linux 2.6 prototype system that utilizes the TPM measurement and attestation, existing Linux network control (Netfilter), and existing corporate policy management tools in the Tivoli Access Manager to control remote client access to corporate data. This prototype illustrates that our solution integrates seamlessly into scalable corporate policy management and introduces only a minor performance overhead.