{"title":"A trusted mobile phone reference architecturevia secure kernel","authors":"Xinwen Zhang, O. Aciiçmez, Jean-Pierre Seifert","doi":"10.1145/1314354.1314359","DOIUrl":"https://doi.org/10.1145/1314354.1314359","url":null,"abstract":"Driven by the ever increasing information security demands in mobile devices, the Trusted Computing Group (TCG) formed a dedicated group - Mobile Phone Working Group (MPWG). to address the security needs of mobile platforms. Along this direction, the MPWG has recently released a Trusted Mobile Phone Reference Architecture Specification. In order to realize trusted mobile platforms, they adapt well-known concepts like TPM, isolation, integrity measurement, etc. from the trusted PC world - with slight modifications due to the characteristics and resource limitations of mobile devices - into generic mobile phone platforms. The business needs of mobile phone industry mandate 4 different stakeholders(platform owners): device manufacturer, cellular service provider, general service provider, and of course the end-user. The specification requires separate trusted and isolated operational domains, so called Trusted Engines, for each of these stakeholders. Although the TCG MPWG does not explicitly prescribe a specific technical realization of these Trusted Engines, a general perception suggests reusing the very well established (Trusted) Virtualization concept from corresponding PC architectures. However, despite of all its merits, the current \"resource devourer\" Virtualization is not very well suited for mobile devices. Thus, in this paper, we propose another isolation technique, which is specifically crafted for mobile phone platforms and respects its resource limitations. We achieve this goal by realizing the TCG's Trusted Mobile Phone specification by leveraging SELinux which provides a generic domain isolation concept at the kernel level. Additional to harnessing the potential of SELinux to realize mobile phone specific (isolated) operational domains, we are also able to seamlessly integrate the important integrity measurement and verification concept into our SELinux-based Trusted Mobile Phone architecture. This is achieved by defining some SELinux policy language extensions. Thus, the present paper provides a novel, efficient and inherently secure TCG-aware Mobile Phone reference architecture","PeriodicalId":401412,"journal":{"name":"Scalable Trusted Computing","volume":"61 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-11-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114721239","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Daonity: grid security with behaviour conformity from trusted computing","authors":"W. Mao, Fei Yan, Chunrun Chen","doi":"10.1145/1179474.1179486","DOIUrl":"https://doi.org/10.1145/1179474.1179486","url":null,"abstract":"A central security requirement for grid computing can be referred to as behaviour conformity. This is an assurance that ad hoc related principals (users, platforms or instruments) forming a grid virtual organisation (VO) must each act in conformity with the rules for the VO constitution. Existing grid security practice has little means to enforce behaviour conformity and consequently falls short of satisfactory solutions to a number of problems.Trusted Computing (TC) technology can add to grid computing the needed property of behaviour conformity. With TC using an essentially in-platform (trusted) third party, a principal can be imposed to have conformed behaviour and this fact can be reported to interested parties who may only need to be ad hoc related to the former. In this extended abstract we report Daonity, a TC enabled emerging work in grid security standard, to manifest how behaviour conformity can help to improve grid security.","PeriodicalId":401412,"journal":{"name":"Scalable Trusted Computing","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-11-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116952139","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Yasuharu Katsuno, Yuji Watanabe, Sachiko Yoshihama, T. Mishina, M. Kudo
{"title":"Layering negotiations for flexible attestation","authors":"Yasuharu Katsuno, Yuji Watanabe, Sachiko Yoshihama, T. Mishina, M. Kudo","doi":"10.1145/1179474.1179480","DOIUrl":"https://doi.org/10.1145/1179474.1179480","url":null,"abstract":"Recently, much attention has been paid to research on distributed coalitions that establish trust among the members of groups of computing components in distributed environments. The Trusted Virtual Domains (TVD) that our research division is proposing is a new model of a distributed coalition for establishing multiple trusted coalitions of components on nodes in distributed heterogeneous environments. In a large-scale distributed computing environment where many kinds of components exist and there might be difficult situations to agree common attestation methods among all components beforehand, it is necessary to provide each component with flexible attestation according to its usage scenario for increasing the number of components that can participate in TVD.In this paper, we propose a layering negotiation approach. It divides an attestation process into a global attestation phase that verifies that a TVD is fundamentally secure and supporting essential trusted primitives and a local attestation phase that verifies the integrity of a specific component involved in a usage scenario. And, a combination of attestation methods is decided as a result of negotiation between the components for each kind of attestation at each phase. With our approach, the attestation corresponding to a usage scenario can be done flexibly based on the minimal required attestation needed in the TVD, so the component developers can concentrate on the implementation of the higher-level functions.","PeriodicalId":401412,"journal":{"name":"Scalable Trusted Computing","volume":"30 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-11-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126000977","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The role of trusted computing in internet scale DRM","authors":"Geoffrey Strongin","doi":"10.1145/1179474.1179483","DOIUrl":"https://doi.org/10.1145/1179474.1179483","url":null,"abstract":"The XRI Data Interchange (XDI) protocols and schemas provide a foundation for internet scale exchange of data between parties based on mutually agreed upon policies. Local enforcement of the policy and the preservation of the persistent binding between the data and policy imply a local policy enforcement system. This talk explores the relationship between trusted computing, remote attestation and local policy enforcement capabilities in an Internet scale environment.","PeriodicalId":401412,"journal":{"name":"Scalable Trusted Computing","volume":"78 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-11-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116066310","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Scalable group communication system for scalable trust","authors":"Krzysztof Ostrowski, K. Birman","doi":"10.1145/1179474.1179477","DOIUrl":"https://doi.org/10.1145/1179474.1179477","url":null,"abstract":"Programmers of large-scale trusted systems need tools to simplify tasks such as replicating services or data. Group communication systems achieve this via various flavors of reliable multicast, but the existing solutions do not scale in all major dimensions. Typically, they scale poorly in the number of groups; yet we believe that using groups casually could lead to new, easier ways of programming. We propose QSM [1], a new multicast substrate that scales in several dimensions at once. Our approach relies on a novel way of exploiting the overlap between groups.","PeriodicalId":401412,"journal":{"name":"Scalable Trusted Computing","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-11-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116739138","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Liqun Chen, Rainer Landfermann, Hans Löhr, M. Rohe, A. Sadeghi, Christian Stüble
{"title":"A protocol for property-based attestation","authors":"Liqun Chen, Rainer Landfermann, Hans Löhr, M. Rohe, A. Sadeghi, Christian Stüble","doi":"10.1145/1179474.1179479","DOIUrl":"https://doi.org/10.1145/1179474.1179479","url":null,"abstract":"The Trusted Computing Group (TCG) has issued several specifications to enhance the architecture of common computing platforms by means of new functionalities, amongst others the (binary) attestation to verify the integrity of a (remote) computing platform/application. However, as pointed out recently, the binary attestation has some shortcomings, in particular when used for applications: First, it reveals information about the configuration of a platform (hardware and software) or application. This can be misused to discriminate certain configurations (e.g., operating systems) and the corresponding vendors, or be exploited to mount attacks. Second, it requires the verifier to know all possible ``trusted'' configurations of all platforms as well as managing updates and patches that change the configuration. Third, it does not necessarily imply that the platform complies with desired (security) properties. A recent proposal to overcome these problems is to transform the binary attestation into property-based attestation, which requires to only attest whether a platform or an application fulfills the desired (security) requirements without revealing the specific software or/and hardware configuration.Based on previous works, we propose a concrete efficient property-based attestation protocol within an abstract model for the main functionalities provided by TCG-compliant platforms. We prove the security of this protocol under the strong RSA assumption and the discrete logarithm assumption in the random oracle model. Our scheme allows blind verification and revocation of mappings between properties and configurations.","PeriodicalId":401412,"journal":{"name":"Scalable Trusted Computing","volume":"2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-11-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134008226","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Scalable trust: engineering challenge or complexity barrier?","authors":"K. Birman","doi":"10.1145/1179474.1179476","DOIUrl":"https://doi.org/10.1145/1179474.1179476","url":null,"abstract":"We consider the challenges of developing and deploying trusted computing platforms that can be operated on a large scale. The core question concerns scalability of trust properties: do these revolve around engineering challenges (which can potentially be overcome by clever design), complexity barriers (which might require completely new approaches), or other kinds of obstacles?Scalable trust means different things to different users; unless we limit the topic, we run the risk of scalability problems of our own. Accordingly, we'll narrow attention to the forms of trust needed in a hypothetical electronic medical records system that interconnects multiple institutions and includes telemetry or even active devices for monitoring patents. There are several efforts underway to develop prototype systems with this functionality.We begin by asking what trust means in the context of such a system. Then, we match technology to the needs, and finally ask whether the available options can scale under the demands that a successful deployment might impose.For our purposes, we'll look at two categories of trust properties, although one can identify others. The first involves quality of service guarantees, such as high availability, fault-tolerance and timely responsiveness. Clearly, an electronic medical records system needs to be highly available and rapidly responsive, particularly if it is \"in the loop\" for patient monitoring or treatment. High availability can be reduced to data and service replication, and rapid responsiveness under scalable load is typically achieved by balancing the load over a set of cloned services. Our question can now be rephrased: rather than asking about the scalability of trust, at least in these respects, we should ask about the scalability of replication technologies.A system can scale well in some dimensions while scaling poorly in others. At Cornell, the QuickSilver and Ricochet projects have explored this question, asking what forms of scalability are actually required. If data and services are replicated in groups, using multicast (or pub-sub technology) to disseminate updates, components may need to belong to many groups (or topics), and some of these groups may be very large. Moreover, the properties desired of groups will vary: some should stress rapid data delivery, others strong delivery properties such as virtual synchrony, and some may need to support a transactional persistence guarantee (the so-called ACID properties). The systems we've developed respond to these requirements. Ricochet focuses on time-critical scenarios, while QuickSilver emphasizes performance and has an extensible framework for developing groups with strong properties.Armed with the perspective offered by this work on scalable replication, we can now return to the original question and ask about other forms of trust. The most obvious issue involves security and authorization relationships: a medical system will support large numbers of users (pati","PeriodicalId":401412,"journal":{"name":"Scalable Trusted Computing","volume":"157 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-11-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133796861","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Linking remote attestation to secure tunnel endpoints","authors":"Kenneth A. Goldman, R. Perez, R. Sailer","doi":"10.1145/1179474.1179481","DOIUrl":"https://doi.org/10.1145/1179474.1179481","url":null,"abstract":"Client-Server applications have become the backbone of the Internet and are processing increasingly sensitive information. We have come to rely on the correct behavior and trustworthiness of online banking, online shopping, and other remote access services. These services are implemented as cooperating processes on different platforms. To trust distributed services, one must trust each cooperating process and their interconnection.Common practice today is to establish secure tunnels to protect the communication between local and remote processes. Typically, a user controls the local system. The user also controls the security of the tunnel through negotiation and authentication protocols. Ongoing and published work examines how to create and monitor properties of remote systems. What is missing is the link or binding between such properties and the actual remote tunnel endpoint.We examine here how to link specific properties of a remote system \"gained through TPM-based attestation\" to secure tunnel endpoints to counter attacks where a compromised authenticated SSL endpoint relays the TPM-based attestation to another system. We show how the proposed mechanism can be deployed in virtualized environments to create inexpensive SSL endpoint certificates and instant revocation that scales Internet-wide.","PeriodicalId":401412,"journal":{"name":"Scalable Trusted Computing","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-11-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127513438","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
A. Sadeghi, M. Selhorst, Christian Stüble, C. Wachsmann, M. Winandy
{"title":"TCG inside?: a note on TPM specification compliance","authors":"A. Sadeghi, M. Selhorst, Christian Stüble, C. Wachsmann, M. Winandy","doi":"10.1145/1179474.1179487","DOIUrl":"https://doi.org/10.1145/1179474.1179487","url":null,"abstract":"The Trusted Computing Group (TCG) has addressed a new generation of computing platforms employing both supplemental hardware and software with the primary goal to improve the security and the trustworthiness of future IT systems. The core component of the TCG proposal is the Trusted Platform Module (TPM) providing certain cryptographic functions. Many vendors currently equip their platforms with a TPM claiming to be TCG compliant. However, there is no feasible way for application developers and users of TPM-enabled systems to verify this compliance. In practice, manufacturers may exploit the flexibility that the specification itself provides, or they may deviate from it by inappropriate design that might lead to security vulnerabilities. Hence, it is crucial to have an independent means for testing the compliance as well as analyzing the security of different TPMs. In this paper, we aim at making the first steps towards fulfilling this requirement: We have developed a test strategy as well as a prototype test suite for TPM compliance testing. Although our test does not cover the complete TCG specification, our test results show that many TPM implementations do not meet the TCG specification and have bugs. Moreover, we discuss that non-compliance may have crucial impact on security, and point out the corresponding security problems in case of a widespread TPM.","PeriodicalId":401412,"journal":{"name":"Scalable Trusted Computing","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-11-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126326415","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
L. Sarmenta, Marten van Dijk, C. W. O'Donnell, Jonathan Rhodes, S. Devadas
{"title":"Virtual monotonic counters and count-limited objects using a TPM without a trusted OS","authors":"L. Sarmenta, Marten van Dijk, C. W. O'Donnell, Jonathan Rhodes, S. Devadas","doi":"10.1145/1179474.1179485","DOIUrl":"https://doi.org/10.1145/1179474.1179485","url":null,"abstract":"A trusted monotonic counter is a valuable primitive that enables a wide variety of highly scalable offline and decentralized applications that would otherwise be prone to replay attacks, including offline payment, e-wallets, virtual trusted storage, and digital rights management (DRM). In this paper, we show how one can implement a very large number of virtual monotonic counters on an untrusted machine with a Trusted Platform Module (TPM) or similar device, without relying on a trusted OS. We first present a log-based scheme that can be implemented with the current version of the TPM (1.2) and used in certain applications. We then show how the addition of a few simple features to the TPM makes it possible to implement a hash-tree-based scheme that not only offers improved performance and scalability compared to the log-based scheme, but also makes it possible to implement count-limited objects (or ``clobs'' for short) -- i.e., encrypted keys, data, and other objects that can only be used when an associated virtual monotonic counter is within a certain range. Such count-limited objects include n-time use keys, n-out-of-m data blobs, n-copy migratable objects, and other variants, which have many potential uses in digital rights management (DRM), digital cash, itinerant computing, and other application areas.","PeriodicalId":401412,"journal":{"name":"Scalable Trusted Computing","volume":"140 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-09-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123394621","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
