Cui Yan-Li,Zhang Xing

DOI: https://doi.org/10.1109/fitme.2009.68

2009-01-01

Abstract:During the realizing process of remote attestation, except for using trusted computing technology to protect physical security, storage security and operation security of certifier, cipher mechanism need to be combined to ensure the credibility of attestation method of certifier. This paper designs an attestation method model of property remote attestation, and applies the authentication and access control logic technology to make formal description for the participants of attestation method of property remote attestation, and finally prove the credibility of attestation method. Paper's research conclusion proves, after increasing the authority of certificate and trusted property certificate, the credibility of property remote attestation method can be guaranteed among the computing environment applying the public key infrastructure participates.

Cui Yan-Li,Xing Zhang

DOI: https://doi.org/10.1109/PACIIA.2009.5406422

2009-01-01

Abstract:For trusted computing technology, as the basis of remote attestation, system integrity measurement whose theory model and application research is all along a discussed focus. Integrity measurement of binary system of trusted computing technology used the transmission model of trust chain, but the development of this model is late to the development of remote attestation. This paper mainly concerns systems integrity measurement of property remote attestation, adds certificate authority and trusted property authority based on the original binary integrity measurement, realizes the conversion from binary fingerprints convert to property remote attestation. Combining the new features of property remote attestation, this paper uses the predicate logic to prove the credibility of systems integrity measurement of property remote attestation. ©2009 IEEE.

Liang Gu,Xuhua Ding,Robert H. Deng,Yanzhen Zou,Bing Xie,Weizhong Shao,Hong Mei

DOI: https://doi.org/10.1109/icycs.2008.349

2008-01-01

Abstract:Remote attestation was introduced in TCG specifications to determine whether a remote system is trusted to behave in a particular manner for a specific purpose; however, most of the existing approaches attest only the integrity state of a remote system and hence have a long way to go in achieving the above attestation objective. Behavior-based attestation and semantic attestation were recently introduced as solutions to approach the TCG attestation objective. In this paper, we extend behavior-based attestation to a model-driven remote attestation to prove that a remote system is trusted as defined by TCG. Our model-driven remote attestation verifies two compliance requirements to prove the trustworthiness of a remote system: expected behavior compliance and enforced behavior compliance.

xuhua ding,liang gu,robert h deng,bing xie,hong mei

DOI: https://doi.org/10.4018/978-1-61520-682-7.ch001

2010-01-01

Abstract:One of the key mechanisms for trust establishment among different platforms is remote attestation, which allows a platform to vouch for its trust related characteristics to a remote challenger. In this chapter, the authors propose a new conceptual model for remote attestation consisting of four basic ingredients: root of trust, attestation objective, object measurement, and attestation process. With this model, they present a systematic study on the remote attestation, including the methodologies applied for implementing the four elements and the principles for designing an attestation scheme. The authors also examine existing remote attestation schemes in the literature by grouping them into two main types: integrity attestation and quality attestation. They discuss both the strength and the limitations of each type of scheme and explain how they can be applied in trust management in distributed environment.

TC Ma,SP Li

DOI: https://doi.org/10.1109/clustr.2003.1253356

2003-01-01

Cluster Computing

Abstract:In this paper, an instance-oriented security mechanism is proposed, to attack possible security threats in grid-based mobile agent system. The proposed delegation profile allows application systems to define their own security instances, while it provides mechanisms to delegate one's identity on those instances, instead of on certain hosts, just like the conventional delegation does. This can prevent the delegated host from abusing privileges. By adopting the new delegation profile kernel, a new trust framework is then proposed to enhance the security verification ability and provide more fine-grained authorization to mobile agent platforms.

Liang Gu,Xuhua Ding,Robert Huijie Deng,Bing Xie,Hong Mei

DOI: https://doi.org/10.1145/1456455.1456458

2008-01-01

Abstract:Remote attestation provides the basis for one platform to establish trusts on another. In this paper, we consider the problem of attesting the correctness of program executions. We propose to measure the target program and all the objects it depends on, with an assumption that the Secure Kernel and the Trusted Platform Module provide a secure execution environment through process separation. The attestation of the target program begins with a program analysis on the source code or the binary code in order to find out the relevant executables and data objects. Whenever such a data object is accessed or a relevant executable is invoked due to the execution of the target program, its state is measured for attestation. Our scheme not only testifies to a program's execution, but also supports fine-granularity attestations and information flow checking.

曾璎珞,潘雪增,陈健

DOI: https://doi.org/10.3969/j.issn.1000-3428.2010.10.052

2010-01-01

Abstract:This paper proposes a dynamic security access control model based on system reliability,so as to improve the flexibility of combination among multiple security access control strategies,and to ensure system security and practicality.The model can choose the proper kind of combination among the security access control strategies dynamically in order to deal with different system states and improve the whole system performance.Experimental results prove that this model makes the multiple strategies control more flexible,ensures the system security,and improves practicality of the system.

Anbang Ruan,Qingni Shen,Li Wang,Chao Qin,Liang Gu,Zhong Chen

2009-01-01

China Communications

Abstract:The Binary-based attestation (BA) mechanism presented by the Trusted Computing Group can equip the application with the capability of genuinely identifying configurations of remote system. However, BA only supports the attestation for specific patterns of binary codes defined by a trusted party, mostly the software vendor, for a particular version of a software. In this paper, we present a Source-Code Oriented Attestation (SCOA) framework to enable custom built application to be attested to in the TCG attestation architecture. In SCOA, security attributes are bond with the source codes of an application instead of its binaries codes. With a proof chain generated by a Trusted Building System to record the building procedure, the challengers can determine whether the binary interacted with is genuinely built from a particular set of source codes. Moreover, with the security attribute certificates assigned to the source codes, they can deter-mine the trustworthiness of the binary. In this paper, we present a TBS implementation with virtualization.

Liang Gu,Yueqiang Cheng,Xuhua Ding,Robert H. Deng,Yao Guo,Weizhong Shao

DOI: https://doi.org/10.1007/978-3-642-14597-1_4

2010-01-01

Abstract:A program is a compound of various subroutines playing different roles. In this paper, we study how to attest the execution of those mission-critical subroutines whose execution is the basis to establish trust. Our results include a new attestation scheme called function attestation. Given a function F of a program $\mathcal{P}$, the proposed scheme allows for an efficient and secure attestation by using the debug facility of processors and building a trust chain rooted at TPM. Our scheme is lightweight and easy to deploy. It can also be easily extended to support multiple-threaded programs and data flow attestation with slightly more overhead.

Wu Luo,Wei Liu,Yang Luo,Anbang Ruan,Qingni Shen,Zhonghai Wu

DOI: https://doi.org/10.1109/trustcom.2016.0058

2016-01-01

Abstract:In recent years, the rapid development of virtualization and container technology brings unprecedented impact on traditional IT architecture. Trusted Computing devotes to provide a solution to protect the integrity of the target platform and introduces a virtual TPM to adapt to the challenges that virtualization brings. However, the traditional integrity measurement solution and remote attestation has limitations due to the challenges such as large of measurement and attestation cost and overexposure of configurations details. In this paper, we propose the Partial Attestation Model. The basic idea of Partial Attestation Model is to reconstruct the Chain of Trust by dividing them into several separated ones. Our model therefore enables the challenger to attest the specified security requirements of the target platform, instead of acquiring and verifying the complete detailed configurations. By ignoring components not related to the target requirements, our model reduces the attestation costs. In addition, we further implement an attestation protocol to prevent overexposure of the target platform's configuration details. We build a use case to illustrate the implementation of our model, and the evaluations on our prototype show that our model achieves better efficiency than the existing remote attestation scheme.

g u liang,yueqiang cheng,xuhua ding,robert h deng,yao guo,weizhong shao

DOI: https://doi.org/10.1007/978-3-642-14597-1_4

2010-01-01

Abstract:A program is a compound of various subroutines playing different roles. In this paper, we study how to attest the execution of those mission-critical subroutines whose execution is the basis to establish trust. Our results include a new attestation scheme called function attestation. Given a function F of a program P , the proposed scheme allows for an efficient and secure attestation by using the debug facility of processors and building a trust chain rooted at TPM. Our scheme is lightweight and easy to deploy. It can also be easily extended to support multiple-threaded programs and data flow attestation with slightly more overhead.

Liang Gu,Yao Guo,Anbang Ruan,Qingni Shen,Hong Mei

DOI: https://doi.org/10.1145/1920261.1920311

2010-01-01

Abstract:Most existing attestation schemes deal with binaries and typically require an exhaustive list of known-good measurements beforehand in order to perform verification. However, many programs nowadays are custom-built: the end user is allowed to tailor, compile and build the source code into various versions, or even build everything from scratch. As a result, it is very difficult, if not impossible, for existing schemes to attest the custom-built software with theoretically unlimited number of valid binaries available. This paper introduce SCOBA, a new Source COde Based Attestation framework, to specifically deal with the attestation on custom software. Instead of trying to obtain a know-good measurement list, SCOBA focuses on the source code and provides a trusted building process to attest the resulting binaries based on the source files and building configuration. SCOBA introduces a trusted verifier to certify the binary code of custom-build program according to its source code and building configuration. For custom-built software based on open-source distributions, we implemented a fully automatic trusted building system prototype for SCOBA based on GCC and TPM. As a case study, we also applied SCOBA to Gentoo and its Portage, which is a source code based package management system. Experimental results show that remote attestation, one of the key TCG features, can be made practically available to the free software community.

Carlton Shepherd,Raja N. Akram,Konstantinos Markantonakis

DOI: https://doi.org/10.48550/arXiv.1804.10707

2018-11-26

Abstract:Trusted Execution Environments (TEEs) are rapidly emerging as a root-of-trust for protecting sensitive applications and data using hardware-backed isolated worlds of execution. TEEs provide robust assurances regarding critical algorithm execution, tamper-resistant credential storage, and platform integrity using remote attestation. However, the challenge of remotely managing credentials between TEEs remains largely unaddressed in existing literature. In this work, we present novel protocols using mutual attestation for supporting four aspects of secure remote credential management with TEEs: backups, updates, migration, and revocation. The proposed protocols are agnostic to the underlying TEE implementation and subjected to formal verification using Scyther, which found no attacks.

Cryptography and Security

Hua Wang,Yao Guo,Xiangqun Chen

DOI: https://doi.org/10.1007/978-3-642-02704-8_10

2009-01-01

Abstract:Remote attestation is one of the key functionalities provided by trusted platforms. Most current attestation approaches are based on cryptographic hash functions, which are appropriate to attest to relatively stable objects such as executables. However, they can not effectively deal with software configurations that could have many (or even infinite) trusted variants and could also be modified at run-time. This paper proposes SAConf, a novel semantic attestation approach to attesting to software configurations. SAConf uses a list of constraints to represent the challenger's trust policies, and verifies configurations based on semantic checks against the constraints, according to the semantic meanings of configurations rather than their hashes. An on-request measurement strategy is also added as a complement to the on-load strategy in order to capture potential modifications to configurations during execution. We implemented a prototype of SAConf and evaluations show that it could reduce the storage overhead from exponential to linear compared to hash-based approaches.

Yuhong Zhao,Simon Oberthür,Norma Montealegre,Franz J. Rammig,Martin Kardos

DOI: https://doi.org/10.1007/11752578_125

2006-01-01

Abstract:Component-based self-optimizing systems can adjust themselves over time to dynamic environments by means of exchanging components. In case that such systems are safety-critical, the dependability issue becomes paramountly significant. This paper presents a novel model-based runtime verification to increase dependability for the self-optimizing systems of this kind. The proposed verification approach plays a role of an alternative acceptance test transparently integrated in RTOS, named model-based acceptance test. The verification is performed at the level of (RT-UML) models representing the systems under consideration. The properties to be checked are expressed by RT-OCL where the underlying temporal logic is restricted to either time-annotated ACTL or LTL formulae. The applied technique is based on the on-the-fly model checking, which runs interleaved with the execution of the checked system in a pipelined manner. More specifically, for ACTL formulae this means an on-the-fly solution to the NHORNSAT problem, while in the case of LTL formulae, the emptiness checking method is applied.

Tong Li,Yang Lin,Xueyuan Kong,Yue Yu,Fajiang Yu

2011-01-01

Abstract:Current technology in trusted computing cannot comply with the requirement of trusted behaviour. One method for trusted computing dynamic attestation is proposed in this paper. This method uses a behaviour model based on the static analysis of binary code. One same source code may have several different binary versions, therefore one method is proposed for building almost the same core function model for different binary versions. This research also overcame the difficulty where some dynamic behaviours could not be obtained by static analysis. The paper also provides solutions for dynamic attestation of some complex programs, such as recursion, library link and multi threads programs.

Sufyan Samara,Yuhong Zhao,Franz J. Rammig

DOI: https://doi.org/10.1007/978-3-642-15234-4_11

2010-01-01

Abstract:This paper presents a novel flexible, dependable, and reliable operating system design for distributed reconfigurable system on chip. The dependability and reliability are achieved by integrating online model checking technique. Each OS service has different implementations which are further partitioned into small blocks. This operating system design allows the OS service to be adapted at runtime according to the given resource requirements and response time. Such adaptable services may be required by real time safety-critical applications. The flexibility introduced in executing adaptable OS services also gives rise to a potential safety problem. Thus, online model checking is integrated to the operating system so as to improve the dependability, reliability, and fault tolerance of these adaptable OS services.

Tieming Chen,Zhenbo Yu,Shijian Li,Bo Chen

DOI: https://doi.org/10.1155/2016/8797568

IF: 2.336

2016-01-01

Journal of Sensors

Abstract:Model checking has successfully been applied on verification of security protocols, but the modeling process is always tedious and proficient knowledge of formal method is also needed although the final verification could be automatic depending on specific tools. At the same time, due to the appearance of novel kind of networks, such as wireless sensor networks (WSN) and wireless body area networks (WBAN), formal modeling and verification for these domain-specific systems are quite challenging. In this paper, a specific and novel formal modeling and verification method is proposed and implemented using an expandable tool called PAT to do WSN-specific security verification. At first, an abstract modeling data structure for CSP#, which is built in PAT, is developed to support the nodemobility related specification for modeling location-based node activity. Then, the traditional Dolev Yao model is redefined to facilitate modeling of location-specific attack behaviors on security mechanism. A throughout formal verification application on a location-based security protocol in WSN is described in detail to show the usability and effectiveness of the proposed methodology. Furthermore, also a novel location-based authentication security protocol in WBAN can be successfully modeled and verified directly using our method, which is, to the best of our knowledge, the first effort on employing model checking for automatic analysis of authentication protocol for WBAN.

Haoxiang Huang,Jianbiao Zhang,Lei Zhang,Jun Hu,YiHao Cao

DOI: https://doi.org/10.1016/j.cose.2023.103648

IF: 5.105

2023-12-11

Computers & Security

Abstract:In the cloud environment, the virtual computing node has become the dominant form of cloud services used by users. Hence, it is increasingly critical to guarantee the trusted operation of the virtual computing node's operating system (VCNOS). However, previous schemes suffer a lot, such as insufficient consideration of the comprehensive of the measured objects, ignoring the dynamic of trusted, and the trusted measurement mechanisms rarely consider their security. Thus, a three-dimensional dynamic trusted measurement model SABDTM, which integrates the integrity measurement of kernel static data, trusted evaluation of operating system behavior (OSB), and the feedback trust of interacting nodes, is proposed. First, SABDTM divided OSB into multiple atomic behaviors and introduced the Bayesian decision theory to predict trusted expectations of OSBs. Second, the feedback trust of interacting nodes is considered to improve the comprehensiveness of the trusted measurement and evaluate its value based on the Euclidean distance function to reduce the impact of inaccurate feedback from malicious nodes. Subsequently, we set the appropriate weight for trusted measurement values of different moments based on Induced Ordered Weighted Averaging to accurately portray the actual state of VCNOS. Moreover, we designed a lightweight and independent subsystem to perform the trusted measurement, which guarantees the security of the measurement service. The security of our model is proved rigorously based on the non-interference theory. Finally, the experiments and comparative analysis demonstrated our model has better functionality and superiority.

computer science, information systems

Jingfan Tang,Zhijun He

DOI: https://doi.org/10.1109/cscwd.2006.253075

2006-01-01

Abstract:This paper presents a novel model to support security in dynamic cooperation of cross-enterprise services. With the extended WSDL description and through the replication technique, the service replica can be dynamically deployed and executed on the optimum cross-enterprise server, which is selected from the registered servers in the enhanced UDDI center according to the server evaluation function. In order to ensure the safety and dynamically sharing of the cross-enterprise resources among the Web services, a security mechanism of trusted right delegation is introduced