发布求助
文献互助 智能选刊 最新文献

Scalable Trusted Computing最新文献

筛选
英文 中文
The diversity of TPMs and its effects on development: a case study of integrating the TPM into OpenSolaris TPM的多样性及其对开发的影响:将TPM集成到OpenSolaris中的一个案例研究
Scalable Trusted Computing Pub Date : 2010-10-04 DOI: 10.1145/1867635.1867649
Anna Shubina, S. Bratus, Wyllys Ingersol, Sean W. Smith
{"title":"The diversity of TPMs and its effects on development: a case study of integrating the TPM into OpenSolaris","authors":"Anna Shubina, S. Bratus, Wyllys Ingersol, Sean W. Smith","doi":"10.1145/1867635.1867649","DOIUrl":"https://doi.org/10.1145/1867635.1867649","url":null,"abstract":"Broad adoption of secure programming primitives such as the TPM can be hurt by programmer confusion regarding the nature and representation of failures when using a primitive. Conversely, a clear understanding of the primitive's failure modes is essential for both debugging and reducing the attack surface in the mechanisms built on it. In particular, differences in error processing and reporting logic significantly detract from such understanding.\u0000 We present a case study of diversity in TPM behaviors and its effects on a TSS implementation, which emerged from the Sun/Dartmouth TCG/OpenSolaris project, one of the goals of which was instrumenting TPM support on Solaris. At the start of the project, both parties believed the instrumentation to be well-defined and, although time-consuming, relatively straightforward. In the course of the project we had to reexamine our assumptions concerning the state of the hardware and the software involved and the view of the system as presented to someone unfamiliar with its internals. We describe some failure modes we encountered and suggest directions for remediation.","PeriodicalId":401412,"journal":{"name":"Scalable Trusted Computing","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-10-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121436281","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
A practical property-based bootstrap architecture 一个实用的基于属性的引导体系结构
Scalable Trusted Computing Pub Date : 2009-11-13 DOI: 10.1145/1655108.1655114
René Korthaus, A. Sadeghi, Christian Stüble, Jing Zhan
{"title":"A practical property-based bootstrap architecture","authors":"René Korthaus, A. Sadeghi, Christian Stüble, Jing Zhan","doi":"10.1145/1655108.1655114","DOIUrl":"https://doi.org/10.1145/1655108.1655114","url":null,"abstract":"Binary attestation, as proposed by the Trusted Computing Group (TCG), is a pragmatic approach for software integrity protection and verification. However, it has also various shortcomings that cause problems for practical deployment such as scalability, manageability and privacy: On the one hand, data bound to binary values remain inaccessible after a software update and the verifier of an attestation result has to manage a huge number of binary versions. On the other hand, the binary values reveal information on platform configuration that may be exploited maliciously.\u0000 In this paper we focus on property-based bootstrap architectures with an enhanced boot loader. Our proposal improves the previous work in a way that allows a practical and efficient integration into existing IT infrastructures. We propose a solution of the version rollback problem that, in contrast to the existing approaches, is secure even if the TPM owner of the attested platform is untrusted without requiring an interaction with a trusted third party.\u0000 Finally, we show how our architecture can be applied to secure boot mechanisms of Mobile Trusted Modules (MTM) to realize a \"Property-Based Secure Boot\". This is especially important for human users, since with secure boot, users can rely on the fact that a loaded system is also in a trustworthy state.","PeriodicalId":401412,"journal":{"name":"Scalable Trusted Computing","volume":"26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133317057","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 17
Towards platform-independent trusted computing 走向与平台无关的可信计算
Scalable Trusted Computing Pub Date : 2009-11-13 DOI: 10.1145/1655108.1655119
Ronald Toegl, Thomas Winkler, M. Nauman, Theodore W. Hong
{"title":"Towards platform-independent trusted computing","authors":"Ronald Toegl, Thomas Winkler, M. Nauman, Theodore W. Hong","doi":"10.1145/1655108.1655119","DOIUrl":"https://doi.org/10.1145/1655108.1655119","url":null,"abstract":"Software independence from hardware platforms is an important feature of growing significance, given the emergence of new distributed computing paradigms. It would be desirable to extend the Trusted Computing mechanisms offered by the Trusted Platform Module into the platform independent Java environment. However, there is currently no generally accepted Trusted Computing API for Java. In this paper, we describe the design of a high-level API for Trusted Computing in Java, which is set to become the new industry standard for Java applications. We describe the current state of the standardization effort being undertaken in Java Specification Request 321 (JSR321).","PeriodicalId":401412,"journal":{"name":"Scalable Trusted Computing","volume":"50 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115208430","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 13
TruWallet: trustworthy and migratable wallet-based web authentication TruWallet:可信赖和可迁移的基于钱包的web认证
Scalable Trusted Computing Pub Date : 2009-11-13 DOI: 10.1145/1655108.1655112
S. Gajek, Hans Löhr, A. Sadeghi, M. Winandy
{"title":"TruWallet: trustworthy and migratable wallet-based web authentication","authors":"S. Gajek, Hans Löhr, A. Sadeghi, M. Winandy","doi":"10.1145/1655108.1655112","DOIUrl":"https://doi.org/10.1145/1655108.1655112","url":null,"abstract":"Identity theft has fostered to a major security problem on the Internet, in particular stealing passwords for web applications through phishing and malware. We present TruWallet, a wallet-based authentication tool that improves previous solutions for protecting web-based authentication. In contrast to other wallet-based solutions, TruWallet provides (i) strong protection for users' credentials and sensitive data by cryptographically binding them to the user's platform configuration based on Trusted Computing technology, (ii) an automated login procedure where the server is authenticated independently from (SSL) certificates, thus limiting the possibility of attacks based on hijacked certificates and allowing less dependency on the SSL PKI model, and (iii) a secure migration protocol for transferring wallet data to other platforms. Our implementation uses a small virtualization-based security kernel with trusted computing support and works with standard SSL-based authentication solutions for the web, where only minor modifications and extensions are required. It is interoperable so that we can re-use existing operating systems and applications like web browsers.","PeriodicalId":401412,"journal":{"name":"Scalable Trusted Computing","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129473620","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 30
MYSEA: the monterey security architecture MYSEA:蒙特雷安全架构
Scalable Trusted Computing Pub Date : 2009-11-13 DOI: 10.1145/1655108.1655115
C. Irvine, Thuy D. Nguyen, D. Shifflett, T. Levin, Jean Khosalim, Charles Prince, P. Clark, Mark A. Gondree
{"title":"MYSEA: the monterey security architecture","authors":"C. Irvine, Thuy D. Nguyen, D. Shifflett, T. Levin, Jean Khosalim, Charles Prince, P. Clark, Mark A. Gondree","doi":"10.1145/1655108.1655115","DOIUrl":"https://doi.org/10.1145/1655108.1655115","url":null,"abstract":"Mandated requirements to share information across different sensitivity domains necessitate the design of distributed architectures to enforce information flow policies while providing protection from malicious code and attacks devised by highly motivated adversaries. The MYSEA architecture uses component security services and mechanisms to extend and inter-operate with commodity PCs, commodity client software, applications, trusted components, and legacy single level networks, providing new capabilities for composing secure, distributed multilevel secure solutions. This results in an architecture that meets two compelling requirements: first, that users have a familiar work environment, and, second, that critical mandatory security policies are enforced.","PeriodicalId":401412,"journal":{"name":"Scalable Trusted Computing","volume":"34 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132359933","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 12
Towards secure dataflow processing in open distributed systems 面向开放分布式系统中的安全数据流处理
Scalable Trusted Computing Pub Date : 2009-11-13 DOI: 10.1145/1655108.1655120
Juan Du, Wei Wei, Xiaohui Gu, Ting Yu
{"title":"Towards secure dataflow processing in open distributed systems","authors":"Juan Du, Wei Wei, Xiaohui Gu, Ting Yu","doi":"10.1145/1655108.1655120","DOIUrl":"https://doi.org/10.1145/1655108.1655120","url":null,"abstract":"Open distributed systems such as service oriented architecture and cloud computing have emerged as promising platforms to deliver software as a service to users. However, for many security sensitive applications such as critical data processing, trust management poses significant challenges for migrating those critical applications into open distributed systems. In this paper, we present the design and implementation of a new secure dataflow processing system that aims at providing trustworthy continuous data processing in multi-party open distributed systems. We identify a set of major security attacks that can compromise the integrity of dataflow processing and provide effective protection mechanisms to counter those attacks. We have implemented a prototype of the secure dataflow processing framework and tested it on the PlanetLab testbed. Our experimental results show that our protection schemes are effective and impose low performance impact for dataflow processing in large-scale open distributed systems.","PeriodicalId":401412,"journal":{"name":"Scalable Trusted Computing","volume":"1 2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128773414","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 16
Physically restricted authentication with trusted hardware 使用可信硬件进行物理限制的身份验证
Scalable Trusted Computing Pub Date : 2009-11-13 DOI: 10.1145/1655108.1655118
Michael S. Kirkpatrick, E. Bertino
{"title":"Physically restricted authentication with trusted hardware","authors":"Michael S. Kirkpatrick, E. Bertino","doi":"10.1145/1655108.1655118","DOIUrl":"https://doi.org/10.1145/1655108.1655118","url":null,"abstract":"Modern computer systems permit users to access protected information from remote locations. In certain secure environments, it would be desirable to restrict this access to a particular computer or set of computers. Existing solutions of machine-level authentication are undesirable for two reasons. First, they do not allow fine-grained application layer access decisions. Second, they are vulnerable to insider attacks in which a trusted administrator acts maliciously.\u0000 In this work, we describe a novel approach using secure hardware that solves these problems. In our design, multiple administrators are required for installation of a system. After installation, the authentication privileges are physically linked to that machine, and no administrator can bypass these controls. We define an administrative model and detail the requirements for an authentication protocol to be compatible with our methodology. Our design presents some challenges for large-scale systems, in addition to the benefit of reduced maintenance.","PeriodicalId":401412,"journal":{"name":"Scalable Trusted Computing","volume":"23 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116718556","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
LaLa: a late launch application LaLa:延迟发布的应用程序
Scalable Trusted Computing Pub Date : 2009-11-13 DOI: 10.1145/1655108.1655110
C. Gebhardt, Chris I. Dalton
{"title":"LaLa: a late launch application","authors":"C. Gebhardt, Chris I. Dalton","doi":"10.1145/1655108.1655110","DOIUrl":"https://doi.org/10.1145/1655108.1655110","url":null,"abstract":"Numerous systems have been proposed in the past to decrease Operating System (OS) loading times. More recently instant-on solutions which only implement a reduced function set, are becoming more popular. While they are satisfying the user's need to quickly operate on a platform, they are mutually exclusive and force the user to make a decision which system to use during the platform boot. We present in this paper a flexible architecture which enables a platform user to benefit from the advantages of a fast booting platform and a full-featured mainstream OS at the same time. The instant-on system and a full-featured OS can coexist and share the same resources. Moreover, our design enhances the concept of an instant-on system with secure, trustworthy and policy enforced compartments. Our unique approach combines the latest hardware virtualisation and trust technologies to deliver a more robust platform to address the tight security requirements in a corporate environment.","PeriodicalId":401412,"journal":{"name":"Scalable Trusted Computing","volume":"45 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116294115","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 12
Dynamic integrity measurement and attestation: towards defense against return-oriented programming attacks 动态完整性测量和认证:防御面向返回的编程攻击
Scalable Trusted Computing Pub Date : 2009-11-13 DOI: 10.1145/1655108.1655117
Lucas Davi, A. Sadeghi, M. Winandy
{"title":"Dynamic integrity measurement and attestation: towards defense against return-oriented programming attacks","authors":"Lucas Davi, A. Sadeghi, M. Winandy","doi":"10.1145/1655108.1655117","DOIUrl":"https://doi.org/10.1145/1655108.1655117","url":null,"abstract":"Despite the many efforts made in recent years to mitigate runtime attacks such as stack and heap based buffer overflows, these attacks are still a common security concern in today's computing platforms. Attackers have even found new ways to enforce runtime attacks including use of a technique called return-oriented programming. Trusted Computing provides mechanisms to verify the integrity of all executable content in an operating system. But they only provide integrity at load-time and are not able to prevent or detect runtime attacks. To mitigate return-oriented programming attacks, we propose new runtime integrity monitoring techniques that use tracking instrumentation of program binaries based on taint analysis and dynamic tracing. We also describe how these techniques can be employed in a dynamic integrity measurement architecture (DynIMA). In this way we fill the gap between static load-time and dynamic runtime attestation and, in particular, extend trusted computing techniques to effectively defend against return-oriented programming attacks.","PeriodicalId":401412,"journal":{"name":"Scalable Trusted Computing","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123979705","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 166
Trust in a small package: minimized MRTM software implementation for mobile secure environments 信任在一个小的包:最小化MRTM软件实现的移动安全环境
Scalable Trusted Computing Pub Date : 2009-11-13 DOI: 10.1145/1655108.1655111
Jan-Erik Ekberg, Sven Bugiel
{"title":"Trust in a small package: minimized MRTM software implementation for mobile secure environments","authors":"Jan-Erik Ekberg, Sven Bugiel","doi":"10.1145/1655108.1655111","DOIUrl":"https://doi.org/10.1145/1655108.1655111","url":null,"abstract":"In this paper we present a software-based implementation of a Mobile Remote Owner Trusted Module, using security extensions of contemporary System-On-Chip architectures. An explicit challenge are the constrained resources of such on-chip mechanisms. We expose a software architecture that minimizes the code and data size of the MRTM, applying some novel approaches proposed in recent research. Additionally, we explore alternatives within the specification to further optimize the size of MTMs. We present an analysis of specific new security issues induced by the architecture. Performance figures for an on-the-market mobile handset are provided. The results clearly indicate that a software-based MRTM is feasible on modern embedded hardware with legacy security environments.","PeriodicalId":401412,"journal":{"name":"Scalable Trusted Computing","volume":"64 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132031493","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 24
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信