Behavior-based Attestation of Policy Enforcement among Trusted Virtual Domains
نویسندگان
چکیده
With serious situation of data leakage in many enterprises, sensitive dataflow protection based on Trusted Virtual Domains (TVD) has been gradually paid much attention to. Remote attestation among two or more entities across trusted virtual domains is an important means to ensure sensitive dataflow. According to behavior compliance, this paper proposes a behavior-based attestation of policy enforcement for distributed services in trusted virtual machine, which is adapted to trusted virtual domain. In our attestation, the unified behavior of the policy model is attested rather than that of any individual security policy. The advantage of this approach is that it is not tied to any specific type of security policy, and it addresses the verification when security policies in two individual virtual domains are inconsistent. Besides, the approach easily extends remote attestation to others’ behavior.
منابع مشابه
Dynamic Policy Discovery with Remote Attestation
Remote attestation allows programs running on trusted hardware to prove their identity (and that of their environment) to programs on other hosts. Remote attestation can be used to address security concerns if programs agree on the meaning of data in attestations. This paper studies the enforcement of codeidentity based access control policies in a hostile distributed environment, using a combi...
متن کاملA Robust Integrity Reporting Protocol for Remote Attestation
Trusted Computing Platforms provide the functionality of remote attestation, i.e. attesting the configuration and status of a system to a remote entity. Remote attestation hereby proves integrity and authenticity of system environments. This is crucial for policy enforcement, which in turn is needed in many usage scenarios, e.g., DRM. However, applying remote attestation solely allows masquerad...
متن کاملPolicy Driven Remote Attestation
Increasingly organisations need to exchange and share data amongst their employees as well as with other organisations. This data is often sensitive and/or confidential, and access to it needs to be protected. Architectures to protect disseminated data have been proposed earlier, but absence of a trusted enforcement point on the end-user machine undermines the system security. The reason being,...
متن کاملDirect Anonymous Attestation: Enhancing Cloud Service User Privacy
We introduce a privacy enhancing cloud service architecture based on the Direct Anonymous Attestation (DAA) scheme. In order to protect user data, the architecture provides cloud users with the abilities of controlling the extent of data sharing among their service accounts. A user is then enabled to link Cloud Service applications in such a way, that his/her personal data are shared only among...
متن کاملA Dynamic Trustworthiness Attestation Method based on Dual Kernel Architecture
The existing trustworthiness attestation methods are not only difficult to be applied to the embedded system because they are mainly based on virtual machine technology, but have some problems such shat evidence is not obtained in time, protecting the privacy need trusted third party and trust measurement efficiency is low. In this paper, an embedded system dynamic trustworthiness attestation m...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- JNW
دوره 5 شماره
صفحات -
تاریخ انتشار 2010