发布求助
文献互助 智能选刊 最新文献

Scalable Trusted Computing最新文献

筛选
英文 中文
Improving the scalability of platform attestation 提高平台认证的可扩展性
Scalable Trusted Computing Pub Date : 2008-10-31 DOI: 10.1145/1456455.1456457
F. Stumpf, A. Fuchs, S. Katzenbeisser, C. Eckert
{"title":"Improving the scalability of platform attestation","authors":"F. Stumpf, A. Fuchs, S. Katzenbeisser, C. Eckert","doi":"10.1145/1456455.1456457","DOIUrl":"https://doi.org/10.1145/1456455.1456457","url":null,"abstract":"In the process of platform attestation, a Trusted Platform Module is a performance bottleneck, which causes enormous delays if multiple simultaneously attestation requests arrive in a short period of time. In this paper we show how the scalability of platform attestation can be improved. In this context, we propose three protocols that enable fast and secure integrity reporting for servers that have to handle many attestation requests. We implemented all of our protocols and compared them in terms of security and performance. Our proposed protocols enable a highly frequented entity to timely answer incoming attestation requests.","PeriodicalId":401412,"journal":{"name":"Scalable Trusted Computing","volume":"65 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117220349","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 48
Trusted computing building blocks for embedded linux-based ARM trustzone platforms 嵌入式基于linux的ARM trustzone平台的可信计算构建块
Scalable Trusted Computing Pub Date : 2008-10-31 DOI: 10.1145/1456455.1456460
Johannes Winter
{"title":"Trusted computing building blocks for embedded linux-based ARM trustzone platforms","authors":"Johannes Winter","doi":"10.1145/1456455.1456460","DOIUrl":"https://doi.org/10.1145/1456455.1456460","url":null,"abstract":"Security is an emerging topic in the field of mobile and embedded platforms. The Trusted Computing Group (TCG) has outlined one possible approach to mobile platform security by recently extending their set of Trusted Computing specifications with Mobile Trusted Modules (MTMs). The MTM specification [13] published by the TCG is a platform independent approach to Trusted Computing explicitly allowing for a wide range of potential implementations. ARM follows a different approach to mobile platform security, by extending platforms with hardware supported ARM TrustZone security [3] mechanisms. This paper outlines an approach to merge TCG-style Trusted Computing concepts with ARM TrustZone technology in order to build an open Linux-based embedded trusted computing platform.","PeriodicalId":401412,"journal":{"name":"Scalable Trusted Computing","volume":"34 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134072604","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 218
e-EMV: emulating EMV for internet payments with trusted computing technologies e-EMV:用可信计算技术模拟互联网支付的EMV
Scalable Trusted Computing Pub Date : 2008-10-31 DOI: 10.1145/1456455.1456468
S. Balfe, K. Paterson
{"title":"e-EMV: emulating EMV for internet payments with trusted computing technologies","authors":"S. Balfe, K. Paterson","doi":"10.1145/1456455.1456468","DOIUrl":"https://doi.org/10.1145/1456455.1456468","url":null,"abstract":"This paper shows how the functionality associated with EMV-compliant payment cards can be securely emulated in software on platforms supporting Trusted Computing technology. We describe a detailed system architecture encompassing user enrolment, card deployment (in the form of software), card activation, and subsequent transaction processing. Our proposal is compatible with the existing EMV transaction processing architecture, and thus integrates fully and naturally with already deployed EMV infrastructure. We show that our proposal, which effectively makes available the full security of PoS transactions for Internet-based CNP transactions, has the potential to significantly reduce the opportunity for fraudulent CNP transactions.","PeriodicalId":401412,"journal":{"name":"Scalable Trusted Computing","volume":"41 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127718036","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 24
Remote attestation on program execution 程序执行的远程认证
Scalable Trusted Computing Pub Date : 2008-10-31 DOI: 10.1145/1456455.1456458
Liang Gu, Xuhua Ding, R. Deng, Bing Xie, Hong Mei
{"title":"Remote attestation on program execution","authors":"Liang Gu, Xuhua Ding, R. Deng, Bing Xie, Hong Mei","doi":"10.1145/1456455.1456458","DOIUrl":"https://doi.org/10.1145/1456455.1456458","url":null,"abstract":"Remote attestation provides the basis for one platform to establish trusts on another. In this paper, we consider the problem of attesting the correctness of program executions. We propose to measure the target program and all the objects it depends on, with an assumption that the Secure Kernel and the Trusted Platform Module provide a secure execution environment through process separation. The attestation of the target program begins with a program analysis on the source code or the binary code in order to find out the relevant executables and data objects. Whenever such a data object is accessed or a relevant executable is invoked due to the execution of the target program, its state is measured for attestation. Our scheme not only testifies to a program's execution, but also supports fine-granularity attestations and information flow checking.","PeriodicalId":401412,"journal":{"name":"Scalable Trusted Computing","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130092739","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 93
Scheduling execution of credentials in constrained secure environments 在受约束的安全环境中调度凭证的执行
Scalable Trusted Computing Pub Date : 2008-10-31 DOI: 10.1145/1456455.1456465
Jan-Erik Ekberg, N. Asokan, Kari Kostiainen, A. Rantala
{"title":"Scheduling execution of credentials in constrained secure environments","authors":"Jan-Erik Ekberg, N. Asokan, Kari Kostiainen, A. Rantala","doi":"10.1145/1456455.1456465","DOIUrl":"https://doi.org/10.1145/1456455.1456465","url":null,"abstract":"A new inexpensive approach for using credentials in a secure manner has become available due to the fact that several types of general-purpose secure hardware, like TPMs, Mshield and ARM TrustZone are becoming widely deployed. These technologies still have limitations, one being the limited on-chip secure memory which leads to severe size constraints for credentials that need to execute in secure memories. In this paper, we describe, in the context of a credential provisioning and execution architecture we call On-board Credentials (ObC), a secure scheduling mechanism for overcoming some of the size constraints imposed for the virtual credentials implemented on ObC.","PeriodicalId":401412,"journal":{"name":"Scalable Trusted Computing","volume":"116 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115818198","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 21
An efficient implementation of trusted channels based on openssl 基于openssl的可信通道的有效实现
Scalable Trusted Computing Pub Date : 2008-10-31 DOI: 10.1145/1456455.1456462
Frederik Armknecht, Y. Gasmi, A. Sadeghi, Patrick Stewin, Martin Unger, G. Ramunno, Davide Vernizzi
{"title":"An efficient implementation of trusted channels based on openssl","authors":"Frederik Armknecht, Y. Gasmi, A. Sadeghi, Patrick Stewin, Martin Unger, G. Ramunno, Davide Vernizzi","doi":"10.1145/1456455.1456462","DOIUrl":"https://doi.org/10.1145/1456455.1456462","url":null,"abstract":"Security breaches on the Internet rarely involve compromising secure channels - typically based on protocols like Transport Layer Security (TLS) or Internet Protocol Security (IPsec) - because communication endpoints are much easier to compromise. Recent approaches aiming to solve this problem rely on the TLS protocol to additionally provide integrity information of the involved endpoints. However, these solutions have shortcomings with regard to either security, functionality or compliance to the TLS specification. This prevents that those approaches are deployed in practice. In this paper, we present an implementation of a security architecture for establishing Trusted Channels based on OpenSSL that resolves the deficiencies of the previous solutions. It provides the possibility to convey reliable integrity information of the involved endpoints and offers the high security standards of former approaches while being flexible, scalable and efficient to enable widespread deployment.","PeriodicalId":401412,"journal":{"name":"Scalable Trusted Computing","volume":"517 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123097821","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 60
Improving coherency of runtime integrity measurement 提高运行时完整性度量的一致性
Scalable Trusted Computing Pub Date : 2008-10-31 DOI: 10.1145/1456455.1456464
M. Thober, J. Pendergrass, C. McDonell
{"title":"Improving coherency of runtime integrity measurement","authors":"M. Thober, J. Pendergrass, C. McDonell","doi":"10.1145/1456455.1456464","DOIUrl":"https://doi.org/10.1145/1456455.1456464","url":null,"abstract":"Recent work in software integrity verification provides techniques for measuring integrity at runtime, where a measurement agent observes the memory image of a running process and constructs some meaningful description of the process's current state. Unlike in static and load time measurement architectures, the target of a runtime measurement is running and hence able to change its state. In this setting, an accurate measurement must reflect a coherent state of the target. A coherent measurement must satisfy two properties: atomicity ensures that a measurement corresponds to the state of the target at a particular point in time and quiescence ensures that the target data is in a consistent state, i.e. not a critical section. We address the former property, showing that we can obtain an atomic measurement using a memory copy-on-write strategy, which we have implemented in the Xen hypervisor. We show that this approach achieves significant performance gains in the memory and time impact to the target, when compared with naive strategies for enforcing atomicity.","PeriodicalId":401412,"journal":{"name":"Scalable Trusted Computing","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132383542","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 20
Flexible and secure enterprise rights management based on trusted virtual domains 基于可信虚拟域的灵活安全的企业权限管理
Scalable Trusted Computing Pub Date : 2008-10-31 DOI: 10.1145/1456455.1456467
Y. Gasmi, A. Sadeghi, Patrick Stewin, Martin Unger, M. Winandy, Rani Husseiki, Christian Stüble
{"title":"Flexible and secure enterprise rights management based on trusted virtual domains","authors":"Y. Gasmi, A. Sadeghi, Patrick Stewin, Martin Unger, M. Winandy, Rani Husseiki, Christian Stüble","doi":"10.1145/1456455.1456467","DOIUrl":"https://doi.org/10.1145/1456455.1456467","url":null,"abstract":"The requirements for secure document workflows in enterprises become increasingly sophisticated, with employees performing different tasks under different roles using the same proprietary platform. Particularly, fine-grained access control to document information is necessary in certain scenarios where the integrity and confidentiality of parts of documents is of high priority.\u0000 In this paper, we present a secure and flexible Enterprise Rights Management (ERM) system based on a refined version of the Trusted Virtual Domains (TVDs) security model that allows to establish isolated execution environments spanning over virtual entities across separate physical resources. Our security concept achieves a two-layered policy enforcement on documents: a TVD Policy ensuring isolation of the workflow from other tasks on the user platforms, and a role-based document-policy ensuring both confidentiality and integrity of document parts. Moreover, in contrast to existing solutions, our architecture offers advanced features for secure document workflows such as offline access to documents and transparent encryption of documents exchanged via USB, external storage or VPN communication between peer platforms. We also shed the light on key management, document structure and document policy enforcement mechanisms to support the ERM infrastructure. Finally, we prove our concept based on an implementation.","PeriodicalId":401412,"journal":{"name":"Scalable Trusted Computing","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130517702","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 28
A fast real-time memory authentication protocol 一个快速的实时内存认证协议
Scalable Trusted Computing Pub Date : 2008-10-31 DOI: 10.1145/1456455.1456461
Yin Hu, Ghaith Hammouri, B. Sunar
{"title":"A fast real-time memory authentication protocol","authors":"Yin Hu, Ghaith Hammouri, B. Sunar","doi":"10.1145/1456455.1456461","DOIUrl":"https://doi.org/10.1145/1456455.1456461","url":null,"abstract":"We propose a new real-time authentication scheme for memory. As in previous proposals the scheme uses a Merkle tree to guarantee dynamic protection of memory. We use the universal hash function family NH for speed and couple it with an AES encryption in order to achieve a high level of security. The proposed scheme is much faster compared to similar schemes achieved by cryptographic hash functions such as SHA-1 due to the finer grain incremental hashing ability provided by NH. This advantage in speed becomes more vivid when the frequency of integrity checks becomes much lower than the frequency of memory updating. This feature is mainly due to the incremental nature of NH. Moreover, we show that with a small variation in the universal hash function family used, we can achieve fast and simple software implementation.","PeriodicalId":401412,"journal":{"name":"Scalable Trusted Computing","volume":"28 4","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121004543","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 10
Offline untrusted storage with immediate detection of forking and replay attacks 脱机不可信存储,可立即检测分叉和重放攻击
Scalable Trusted Computing Pub Date : 2007-11-02 DOI: 10.1145/1314354.1314364
Marten van Dijk, Jonathan Rhodes, L. Sarmenta, S. Devadas
{"title":"Offline untrusted storage with immediate detection of forking and replay attacks","authors":"Marten van Dijk, Jonathan Rhodes, L. Sarmenta, S. Devadas","doi":"10.1145/1314354.1314364","DOIUrl":"https://doi.org/10.1145/1314354.1314364","url":null,"abstract":"We address the problemof using an untrusted server with only a trusted timestamping device (TTD) to provide trusted storage for a large number of clients, where each client may own and use several different devices that may be offline at different times and may not be able to communicate with each other except through the untrusted server (over an untrusted network). We show how a TTD can be implemented using currently available Trusted Platform Module TPM 1.2 technology without having to assume trust in the BIOS, CPU, or OS of the TPM's server. We show how the TTD can be used to implement tamper-evident storagewhere clients are guaranteed to immediately detect illegitimate modifications to their data (including replay attacks and forking attacks) whenever they wish to perform a critical operation that relies on the freshness and validity of the data. In particular, we introduce and analyze a log-based scheme in which the TTD is used to securely implement a large number of virtual monotonic counters, which can then be used to time-stamp data and provide tamper-evident storage. We present performance results of an actual implementation using PlanetLab and a PC with a TPM 1.2 chip","PeriodicalId":401412,"journal":{"name":"Scalable Trusted Computing","volume":"120 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-11-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121212641","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 42
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信