PKI: It's Not Dead, Just Resting
Computer
Attestation-based policy enforcement for remote access
Proceedings of the 11th ACM conference on Computer and communications security
Property-based attestation for computing platforms: caring about properties, not mechanisms
NSPW '04 Proceedings of the 2004 workshop on New security paradigms
Shamon: A System for Distributed Mandatory Access Control
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Design and implementation of a TCG-based integrity measurement architecture
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
vTPM: virtualizing the trusted platform module
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Proceedings of the 2007 ACM workshop on Scalable trusted computing
VPFS: building a virtual private file system with a small trusted computing base
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
Property-Based TPM Virtualization
ISC '08 Proceedings of the 11th international conference on Information Security
A Demonstrative Ad Hoc Attestation System
ISC '08 Proceedings of the 11th international conference on Information Security
Improving the scalability of platform attestation
Proceedings of the 3rd ACM workshop on Scalable trusted computing
An efficient implementation of trusted channels based on openssl
Proceedings of the 3rd ACM workshop on Scalable trusted computing
Modeling Trusted Computing Support in a Protection Profile for High Assurance Security Kernels
Trust '09 Proceedings of the 2nd International Conference on Trusted Computing
TruWallet: trustworthy and migratable wallet-based web authentication
Proceedings of the 2009 ACM workshop on Scalable trusted computing
TGC'07 Proceedings of the 3rd conference on Trustworthy global computing
Improvement on TCG attestation and its implication for DRM
ICCSA'07 Proceedings of the 2007 international conference on Computational science and its applications - Volume Part I
Transparent mobile storage protection in trusted virtual domains
LISA'09 Proceedings of the 23rd conference on Large installation system administration
Scalable integrity monitoring in virtualized environments
Proceedings of the fifth ACM workshop on Scalable trusted computing
Anonymous authentication with TLS and DAA
TRUST'10 Proceedings of the 3rd international conference on Trust and trustworthy computing
Extending IPsec for efficient remote attestation
FC'10 Proceedings of the 14th international conference on Financial cryptography and data security
ICISS'10 Proceedings of the 6th international conference on Information systems security
What if you could actually trust your kernel?
HotOS'13 Proceedings of the 13th USENIX conference on Hot topics in operating systems
Practical property-based attestation on mobile devices
TRUST'11 Proceedings of the 4th international conference on Trust and trustworthy computing
Catching the cuckoo: verifying TPM proximity using a quote timing side-channel
TRUST'11 Proceedings of the 4th international conference on Trust and trustworthy computing
Trusted virtual domains on OKL4: secure information sharing on smartphones
Proceedings of the sixth ACM workshop on Scalable trusted computing
Unicorn: two-factor attestation for data security
Proceedings of the 18th ACM conference on Computer and communications security
Trust extension as a mechanism for secure code execution on commodity computers
Trusted virtual domains – design, implementation and lessons learned
INTRUST'09 Proceedings of the First international conference on Trusted Systems
Towards statistical queries over distributed private user data
NSDI'12 Proceedings of the 9th USENIX conference on Networked Systems Design and Implementation
Verifying system integrity by proxy
TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
Trusted VM snapshots in untrusted cloud infrastructures
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
Client-Server applications have become the backbone of the Internet and are processing increasingly sensitive information. We have come to rely on the correct behavior and trustworthiness of online banking, online shopping, and other remote access services. These services are implemented as cooperating processes on different platforms. To trust distributed services, one must trust each cooperating process and their interconnection. Common practice today is to establish secure tunnels to protect the communication between local and remote processes. Typically, a user controls the local system. The user also controls the security of the tunnel through negotiation and authentication protocols. Ongoing and published work examines how to create and monitor properties of remote systems. What is missing is the link or binding between such properties and the actual remote tunnel endpoint. We examine here how to link specific properties of a remote system (gained through TPM-based attestation) to secure tunnel endpoints to counter attacks where a compromised authenticated SSL endpoint relays the TPM-based attestation to another system. We show how the proposed mechanism can be deployed in virtualized environments to create inexpensive SSL endpoint certificates and instant revocation that scales Internet-wide.
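As an added illustration of the binding problem the abstract describes (this is not the paper's protocol or code), the following simulation folds the tunnel endpoint's key fingerprint into the attestation nonce and shows that a quote relayed through a different endpoint no longer verifies. The TPM is stood in for by an HMAC under a constructed per-platform secret, and the endpoint keys and challenge are constructed values.

```python
import hashlib
import hmac

# Constructed stand-in for a TPM quote: a real TPM signs (PCR digest, nonce) with its
# attestation key; here an HMAC under a per-platform secret plays that role.
AIK_SECRET = b"constructed-attestation-key-secret"
PCRS = [hashlib.sha256(b"bootloader").digest(), hashlib.sha256(b"kernel").digest()]

# Constructed TLS endpoint public keys (in practice: the certificate seen in the handshake)
HONEST_KEY = b"constructed honest endpoint public key"
RELAY_KEY = b"constructed compromised relay endpoint public key"


def tpm_quote(pcrs, nonce):
    """Simulated TPM quote over the PCR values and the caller-supplied nonce."""
    digest = hashlib.sha256(b"".join(pcrs) + nonce).digest()
    return hmac.new(AIK_SECRET, digest, hashlib.sha256).digest()


def bound_nonce(challenge, endpoint_key):
    """Fold the tunnel endpoint's key fingerprint into the attestation nonce."""
    return hashlib.sha256(challenge + hashlib.sha256(endpoint_key).digest()).digest()


def verify(pcrs, nonce, quote):
    """Client-side check: recompute the expected quote and compare in constant time."""
    return hmac.compare_digest(tpm_quote(pcrs, nonce), quote)


def relay_scenario(bind_to_endpoint):
    """Client talks to a compromised endpoint that forwards the challenge to an
    honest attested platform and relays the quote back. Returns the verdicts
    (direct connection, relayed connection)."""
    challenge = hashlib.sha256(b"constructed client challenge").digest()
    if bind_to_endpoint:
        # The honest platform quotes with its OWN endpoint key folded into the nonce.
        quote = tpm_quote(PCRS, bound_nonce(challenge, HONEST_KEY))
        direct = verify(PCRS, bound_nonce(challenge, HONEST_KEY), quote)
        # Through the relay the client's TLS handshake shows RELAY_KEY, so the
        # recomputed nonce differs and the forwarded quote is rejected.
        relayed = verify(PCRS, bound_nonce(challenge, RELAY_KEY), quote)
    else:
        quote = tpm_quote(PCRS, challenge)
        direct = verify(PCRS, challenge, quote)
        relayed = verify(PCRS, challenge, quote)  # relay is indistinguishable
    return direct, relayed


if __name__ == "__main__":
    print("unbound:", relay_scenario(False))  # (True, True): relay undetected
    print("bound:  ", relay_scenario(True))   # (True, False): relay rejected
```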