Cui Yan-Li,Zhang Xing

DOI: https://doi.org/10.1109/cnmt.2009.5374540

2009-01-01

Abstract:In the distributed environment, one important security issue is how to apply further security control to the object that is released to other terminals. The appearance of trusted computing technology has provided an effective solution for this issue in the distributed environment. At the same time, through combining trusted computing technology with the strong isolation and sharing characteristic provided by virtual machine technology has further increased the security and the flexibility of distributed access control. Therefore, this paper uses trusted computing technology to improve the security of the terminal in carrying out the distributed access control, designs a trusted terminal architecture that bases on the trusted computing technology and the virtual machine technology as well as a enhanced mode that suits in distributed access control, and on this basis, analyzes the security of system design.

Minghui Zhou,Haiyan Zhao,Hong Mei

DOI: https://doi.org/10.1109/ICWS.2006.14

2006-01-01

Abstract:In the service-oriented architecture, the components deployed on application servers are published as Web services. Though many researches focus on how to authorize at the Web service level currently, there is little work involving the authorization gap between the service and its component implementation. This paper tries to bridge the gap by proposing a service-oriented trust management model, which expands the application server's capability to deal with more complex trust relationship between service users and services, and supplies a flexible trust management mechanism to integrate authentication and authorization together. Moreover, the model provides a finer granularity access control, sustains delegation between users, and has a certain extent reasoning capability. The model has been implemented in a J2EE application server, and the experiment has demonstrated that the model has high flexibility and scalability

Rui Chang,Liehui Jiang,Wenzhi Chen,Yaobin Xie,Zhongyong Lu

DOI: https://doi.org/10.23919/tst.2017.8030534

2017-01-01

Tsinghua Science & Technology

Abstract:The run-time security guarantee is a hotspot in current cyberspace security research, especially on embedded terminals, such as smart hardware as well as wearable and mobile devices. Typically, these devices use universal hardware and software to connect with public networks via the Internet, and are probably open to security threats from Trojan viruses and other malware. As a result, the security of sensitive personal data is threatened and economic interests in the industry are compromised. To address the run-time security problems efficiently, first, a TrustEnclave-based secure architecture is proposed, and the trusted execution environment is constructed by hardware isolation technology. Then the prototype system is implemented on real TrustZone-enabled hardware devices. Finally, both analytical and experimental evaluations are provided. The experimental results demonstrate the effectiveness and feasibility of the proposed security scheme.

Chao Chen,Ke Wang,Yiqi Dai

DOI: https://doi.org/10.1109/cis.2009.141

2009-01-01

Abstract:The security and trustworthiness of enterprise networks have been a major concern in the research and practice of Intranet security. The security of endpoints and their network access are inevitably two important factors regarding enterprise network security. In this paper we present a novel architecture to enforce controls on endpoint application execution and network access, in which the Policy Decision Point (PDP) and Policy Enforcement Point (PEP) are introduced. A hybrid mechanism is proposed such that the control of application and network access of endpoints are integrated. Security analysis and performance evaluation prove that the proposed architecture maintains a balance between security and flexibility of enterprise network control.

Rui Chang,Liehui Jiang,Wenzhi Chen,Yaobin Xie,Zhongyong Lu

2016-01-01

Abstract:The run-time security guarantee is a hotspot in current cyberspace security research, especially on embedded terminals, e.g., smart hardware, wearable devices, mobile devices. Typically, these devices use universal hardware and software to connect with public network by internet, and are probably open to security threats from Trojan, virus and other malware. As a result, not only personal sensitive data is threatened, economic interests in industry are also compromised. To address the run-time security problems efficiently, first a TrustEnclave-based secure architecture is proposed, and the trusted execution environment is constructed by hardware isolation technology. Then the prototype system is implemented on real TrustZone-enabled hardware devices. Last, both analytical and experimental evaluations are given in the end. The experimental results demonstrate that the proposed security scheme is effective and feasible.

Yutao Tang,Zhengrui Qin,Zhiqiang Lin,Yue Li,Shanhe Yi,Fengyuan Xu,Qun Li

DOI: https://doi.org/10.1109/tc.2022.3152074

IF: 3.183

2022-01-01

IEEE Transactions on Computers

Abstract:Increasingly, many security and privacy-sensitive applications are running on mobile platforms. However, as mobile operating systems are becoming increasingly sophisticated, they are vulnerable to various attacks. In addressing the need of running high assurance mobile apps in a secure environment even though the operating systems are untrusted, this paper presents vTrust, a new mobile app trusted execution environment, which offloads the general execution and storage of a mobile app to a trusted remote server (e.g., a VM running in a cloud) and secures the I/O between the server and the mobile device with the aid of a trusted hypervisor on the mobile device. Specifically, vTrust establishes an encrypted I/O channel between the local hypervisor and the remote server. In this way, any sensitive data flowing through the mobile OS, which the hypervisor hosts, is encrypted from the perspective of the local mobile OS. To enhance the performance of vTrust, we have also designed multiple optimizations, such as output data compression and selective sensor data transmission. We have implemented vTrust, and our evaluation shows that it has limited impact on both user experience and the application performance.

engineering, electrical & electronic,computer science, hardware & architecture

Weili Han,Min Xu,Weidong Zhao,Guofu Li

DOI: https://doi.org/10.1016/j.jnca.2009.12.012

IF: 7.574

2009-01-01

Journal of Network and Computer Applications

Abstract:This paper proposes a trusted decentralized access control (TDAC) framework for the client/server architecture. As the fundamental principle, TDAC enforces access control policies at the client side and protects sensitive objects at the server side by leveraging trusted computing technologies. Compared with the previous work of Sandhu and Zhang (2005), TDAC uses fewer requirements for trusted components. To implement TDAC, we design a private trusted reference monitor that runs at the client side, evaluates an access control request, and signs a temporary access control credential for a client application trustworthily; we also design a master reference monitor that runs at the server side, evaluates the request from the client application only according to the temporary access control credential. As a typical application, TDAC can protect client's private context data in subject-context aware access control.

Franz Gregor,Wojciech Ozga,Sébastien Vaucher,Rafael Pires,Do Le Quoc,Sergei Arnautov,André Martin,Valerio Schiavoni,Pascal Felber,Christof Fetzer

DOI: https://doi.org/10.48550/arXiv.2003.14099

2020-03-31

Abstract:Trust is arguably the most important challenge for critical services both deployed as well as accessed remotely over the network. These systems are exposed to a wide diversity of threats, ranging from bugs to exploits, active attacks, rogue operators, or simply careless administrators. To protect such applications, one needs to guarantee that they are properly configured and securely provisioned with the "secrets" (e.g., encryption keys) necessary to preserve not only the confidentiality, integrity and freshness of their data but also their code. Furthermore, these secrets should not be kept under the control of a single stakeholder - which might be compromised and would represent a single point of failure - and they must be protected across software versions in the sense that attackers cannot get access to them via malicious updates. Traditional approaches for solving these challenges often use ad hoc techniques and ultimately rely on a hardware security module (HSM) as root of trust. We propose a more powerful and generic approach to trust management that instead relies on trusted execution environments (TEEs) and a set of stakeholders as root of trust. Our system, PALAEMON, can operate as a managed service deployed in an untrusted environment, i.e., one can delegate its operations to an untrusted cloud provider with the guarantee that data will remain confidential despite not trusting any individual human (even with root access) nor system software. PALAEMON addresses in a secure, efficient and cost-effective way five main challenges faced when developing trusted networked applications and services. Our evaluation on a range of benchmarks and real applications shows that PALAEMON performs efficiently and can protect secrets of services without any change to their source code.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

潘静,徐锋,王远,张林,吕建

2006-01-01

Abstract:Most existing trust management systems have two main problems,(1)hard to provide security guarantee for web resources since their implements do not comply with Web Service standards;(2)the chief trust engine runs at a low efficiency,cannot fulfill demands of on time security policy in the all long changeable environment.We use java language to design and implement a trust engine oriented to Web Service based on mobile agent to satisfy security demands in the open and dynamic web environment.The main work of trust engine is to verify whether a web resource can be visited by some client.We use mobile agent to do bidirectional trust chain discovery to improve the efficiency of the trust engine.

Qiuyan Zhang,Chao Chen,Shuren Liao,Yiqi Dai

DOI: https://doi.org/10.1007/978-3-642-14350-2_42

2010-01-01

Abstract: The computer terminal plays an import role in the security of whole Local Area Network. However, the uncontrolled way of bootstrap brings about difficulties of providing sufficient trustworthiness to the LAN. To enforce the terminal security of the LAN and especially its ability of resisting ill-meaning tampering, this paper puts forward a server-based bootstrap architecture, based on the trusted computing technology. By verifying the integrity of the terminal before booting the OS, this architecture can effectively prevent the terminal from booting into a tampered OS, and the recovery module meanwhile enforces the robustness of the system. We present an implementation of the architecture, which extends the Trusted GRUB by adopting an attestation process between the GRUB level and the attestation server. The performance analysis shows that at a low time delay, the security of the system has been improved, and the proposed architecture can also provide server with stronger control and management ability towards the whole LAN.

Wenhao Wang,Linke Song,Benshan Mei,Shuang Liu,Shijun Zhao,Shoumeng Yan,XiaoFeng Wang,Dan Meng,Rui Hou

2024-10-24

Abstract:Integrity is critical for maintaining system security, as it ensures that only genuine software is loaded onto a machine. Although confidential virtual machines (CVMs) function within isolated environments separate from the host, it is important to recognize that users still encounter challenges in maintaining control over the integrity of the code running within the trusted execution environments (TEEs). The presence of a sophisticated operating system (OS) raises the possibility of dynamically creating and executing any code, making user applications within TEEs vulnerable to interference or tampering if the guest OS is compromised. To address this issue, this paper introduces NestedSGX, a framework which leverages virtual machine privilege level (VMPL), a recent hardware feature available on AMD SEV-SNP to enable the creation of hardware enclaves within the guest VM. Similar to Intel SGX, NestedSGX considers the guest OS untrusted for loading potentially malicious code. It ensures that only trusted and measured code executed within the enclave can be remotely attested. To seamlessly protect existing applications, NestedSGX aims for compatibility with Intel SGX by simulating SGX leaf functions. We have also ported the SGX SDK and the Occlum library OS to NestedSGX, enabling the use of existing SGX toolchains and applications in the system. Performance evaluations show that context switches in NestedSGX take about 32,000 -- 34,000 cycles, approximately $1.9\times$ -- $2.1\times$ higher than that of Intel SGX. NestedSGX incurs minimal overhead in most real-world applications, with an average overhead below 2% for computation and memory intensive workloads and below 15.68% for I/O intensive workloads.

Cryptography and Security,Hardware Architecture

Nikolaus von Bomhard,Bernd Ahlborn,Catherine Mason,Ulrich Mansmann

DOI: https://doi.org/10.1371/journal.pone.0202752

2018-07-27

Abstract:A growing framework of legal and ethical requirements limit scientific and commercial evalua-tion of personal data. Typically, pseudonymization, encryption, or methods of distributed com-puting try to protect individual privacy. However, computational infrastructures still depend on human system administrators. This introduces severe security risks and has strong impact on privacy: system administrators have unlimited access to the computers that they manage in-cluding encryption keys and pseudonymization-tables. Distributed computing and data obfuscation technologies reduce but do not eliminate the risk of privacy leakage by administrators. They produce higher implementation effort and possible data quality degradation. This paper proposes the Trusted Server as an alternative approach that provides a sealed and inaccessible computational environment in a cryptographically strict sense. During operation or by direct physical access to storage media, data stored and processed inside the Trusted Server can by no means be read, manipulated or leaked, other than by brute-force. Thus, secure and privacy-compliant data processing or evaluation of plain person-related data becomes possible even from multiple sources, which want their data kept mutually secret.

Cryptography and Security,Computers and Society

TAN Zhiyong,SI Tiange,LIU Ouo,DAI Yiqi

DOI: https://doi.org/10.3321/j.issn:1000-0054.2009.07.023

2009-01-01

Abstract:A trusted computing model was developed for the non-local-storage characteristics of the server-end storage computer architecture. The model achieves high flexibility and scalability by replacing the original trusted platform module (TPM) hardware with a software module implemented on the server. The model ensures the security of the computing platform by establishing a complete trust chain from the beginning of the boot stage of the client operating system. Implementation of a prototype system shows that since the server measures the trust of all clients, a security strategy can be formulated to implement real trustworthiness on the entire local area network.

Spyridon Mastorakis,Tahrina Ahmed,Jayaprakash Pisharath

DOI: https://doi.org/10.48550/arXiv.1802.06970

2018-02-20

Networking and Internet Architecture

Abstract:Nowadays, enterprises widely deploy Network Functions (NFs) and server applications in the cloud. However, processing of sensitive data and trusted execution cannot be securely deployed in the untrusted cloud. Cloud providers themselves could accidentally leak private information (e.g., due to misconfigurations) or rogue users could exploit vulnerabilities of the providers' systems to compromise execution integrity, posing a threat to the confidentiality of internal enterprise and customer data. In this paper, we identify (i) a number of NF and server application use-cases that trusted execution can be applied to, (ii) the assets and impact of compromising the private data and execution integrity of each use-case, and (iii) we leverage Intel's Software Guard Extensions (SGX) architecture to design Trusted Execution Environments (TEEs) for cloud-based NFs and server applications. We combine SGX with the Data Plane Development KIT (DPDK) to prototype and evaluate our TEEs for a number of application scenarios (Layer 2 frame and Layer 3 packet processing for plain and encrypted traffic, traffic load-balancing and back-end server processing). Our results indicate that NFs involving plain traffic can achieve almost native performance (e.g., ~22 Million Packets Per Second for Layer 3 forwarding for 64-byte frames), while NFs involving encrypted traffic and server processing can still achieve competitive performance (e.g., ~12 Million Packets Per Second for server processing for 64-byte frames).

Mark O'Neill,Scott Heidbrink,Jordan Whitehead,Scott Ruoti,Dan Bunker,Kent Seamons,Daniel Zappala

DOI: https://doi.org/10.48550/arXiv.1610.08570

2016-10-27

Abstract:We describe TrustBase, an architecture that provides certificate-based authentication as an operating system service. TrustBase enforces best practices for certificate validation for all applications and transparently enables existing applications to be strengthened against failures of the CA system. The TrustBase system allows simple deployment of authentication systems that harden the CA system. This enables system administrators, for example, to require certificate revocation checks on all TLS connections, or require STARTTLS for email servers that support it. TrustBase is the first system that is able to secure all TLS traffic, using an approach compatible with all operating systems. We design and evaluate a prototype implementation of TrustBase on Linux, evaluate its security, and demonstrate that it has negligible overhead and universal compatibility with applications. To demonstrate the utility of TrustBase, we have developed six authentication services that strengthen certificate validation for all applications.

Cryptography and Security

Dong Xie,Jinghua Yang,Bin Wu,Weixin Bian,Fulong Chen,Taochun Wang

DOI: https://doi.org/10.1109/tifs.2024.3362589

IF: 7.231

2024-02-17

IEEE Transactions on Information Forensics and Security

Abstract:In a mobile edge computing environment, the computing tasks of resource-constrained IoT devices are often offloaded to mobile edge computing servers for processing. In order to ensure the security of the task offloading process, both parties need to perform mutual authentication and negotiate a session key first. The security defenses in the existing authentication schemes are often only aimed at external attackers, while ignoring the possible malicious behaviors of semi-trusted servers. Furthermore, they cannot effectively take into account the device-side lightweight and security, as well as the load problem of a single registry. In this paper, we propose a new anonymous authentication key agreement scheme that fully considers the resource constraints of terminal devices and the security risks of semi-trusted servers. In the scheme, we use the method of generating pairing information during registration to avoid the server-side directly contacting the user's private information, and support trusted third parties not to participate in the authentication process. In addition, by setting up authentication servers to outsource computing tasks, the device-side can avoid blindly selecting a computing server for task offloading, achieve accurate task assignment and efficient execution of authentication. We use Real-Or-Random model and BAN logic to demonstrate the security of the proposed scheme, and use the ProVerif tool to verify its authenticated reachability and confidentiality. Compared with other schemes with the same structure, this scheme is superior to similar schemes, and has higher security on the basis of ensuring the least amount of computation on the device-side.

computer science, theory & methods,engineering, electrical & electronic

古亮,郭耀,王华,邹艳珍,谢冰,邵维忠

DOI: https://doi.org/10.3724/sp.j.1001.2010.0789

2010-01-01

Journal of Software

Abstract:This paper extends the software trustworthiness evidence framework to include the runtime software trustworthiness evidence.To collect software trustworthiness evidence in an objective,genuine and comprehensive way,it proposes a runtime software trustworthiness evidence collection mechanism based on trusted computing technology.Based on the features provided by TPM(trusted platform module),as well as the late launch technology,a trusted evidence collection agent is introduced in an operating system kernel.The agent can securely monitor executing programs and collect their trustworthiness evidence accordingly.The agent also provides some trusted services for programs to collect application specific evidences and guarantees the trustworthiness of these evidences.This mechanism has good scalability to support various applications and software trustworthiness evaluation models.This paper also implements a prototype for the agent based on Linux security model in Linux.Based on the prototype,it studies the trustworthiness evaluation for executing a client program in a distributed computing environment.In this application,the performance of prototype is studied,and the feasibility of this approach is demonstrated.

Jun Li,Xiaolin Zheng,Deren Chen,William Wei Song

DOI: https://doi.org/10.4018/jwsr.2012070102

2012-01-01

International Journal of Web Services Research

Abstract:In a service-oriented environment, it is inevitable and indeed quite common to deal with web services, whose reliability is unknown to the users. The reputation system is a popular technique currently used for providing a global quality score of a service provider to requesters. However, such global information is far from sufficient for service requesters to choose the most qualified services. In order to tackle this problem, the authors present a trust based architecture containing a computational trust model for quantifying and comparing the trustworthiness of services. In this trust model, they firstly construct a network based on the direct trust relations between participants and rating similarity in service oriented environments, then propose an algorithm for propagating trust in the social network based environment which can produce personalized trust information for a specific service requester, and finally implement the trust model and simulate various malicious behaviors in not only dense but also sparse networks which can verify the attack-resistant and robustness of the proposed approach. The experiment results also demonstrate the feasibility and benefit of the approach.

Chuang Lin,Xue-Hai Peng

DOI: https://doi.org/10.1007/s11390-006-0732-2

IF: 1.871

2006-01-01

Journal of Computer Science and Technology

Abstract:In this paper, the architecture of trustworthy and controllable networks is discussed to meet arising application requirements. After reviewing the lessons and experiences of success and failure in the Internet and summarizing related work, we analyze the basic targets of providing trustworthiness and controllability. Then, the anticipant architecture is introduced. Based on the resulting design, several trustworthy and controllable mechanisms are also discussed.