Symmetric behavior-based trust: a new paradigm for internet computing

Authors:
Vivek Haldar;Michael Franz
Affiliations:
University of California, Irvine, CA;University of California, Irvine, CA
Venue:
NSPW '04 Proceedings of the 2004 workshop on New security paradigms
Year:
2004

Citing 12
Cited 6

Java Virtual Machine Specification

Java Virtual Machine Specification
Using Programmer-Written Compiler Extensions to Catch Security Holes

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Introducing Microsoft .NET, Third Edition

Introducing Microsoft .NET, Third Edition
A secure and reliable bootstrap architecture

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
IRM Enforcement of Java Stack Inspection

SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Terra: a virtual machine-based platform for trusted computing

SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Direct anonymous attestation

Proceedings of the 11th ACM conference on Computer and communications security
Property-based attestation for computing platforms: caring about properties, not mechanisms

NSPW '04 Proceedings of the 2004 workshop on New security paradigms
Certifying program execution with secure processors

HOTOS'03 Proceedings of the 9th conference on Hot Topics in Operating Systems - Volume 9
Flexible OS support and applications for trusted computing

HOTOS'03 Proceedings of the 9th conference on Hot Topics in Operating Systems - Volume 9
Semantic remote attestation: a virtual machine directed approach to trusted computing

VM'04 Proceedings of the 3rd conference on Virtual Machine Research And Technology Symposium - Volume 3
Language-based information-flow security

IEEE Journal on Selected Areas in Communications

Trust extension device: providing mobility and portability of trust in cooperative information systems

OTM'07 Proceedings of the 2007 OTM Confederated international conference on On the move to meaningful internet systems: CoopIS, DOA, ODBASE, GADA, and IS - Volume Part I
Access control based on code identity for open distributed systems

TGC'07 Proceedings of the 3rd conference on Trustworthy global computing
The need to consider both object identity and behavior in establishing the trustworthiness of network devices within a Smart Grid

Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research
Trusted virtual domains: toward secure distributed services

HotDep'05 Proceedings of the First conference on Hot topics in system dependability
Dynamic policy discovery with remote attestation

FOSSACS'06 Proceedings of the 9th European joint conference on Foundations of Software Science and Computation Structures
Establishing a trust relationship in cooperative information systems

ODBASE'06/OTM'06 Proceedings of the 2006 Confederated international conference on On the Move to Meaningful Internet Systems: CoopIS, DOA, GADA, and ODBASE - Volume Part I

Quantified Score

Hi-index	0.00

Visualization

Abstract

Current models of Internet Computing are highly asymmetric - a host protects itself from malicious mobile Java programs, but there is no way to get assurances about the behavior of a program running remotely. The asymmetry stems from a behavior-based security model: hosts ensure conformance to a given security policy by restricting the actions of programs. In contrast, security models that are based on cryptography (including code signing) are inherently symmetric by design but do not match the open architecture of the Internet and are unsuitable for reasoning about program behavior. We propose a new paradigm that combines the openness of the former with the symmetry of the latter and thereby enables completely new applications in a globally connected world.