Behavior-based Attestation of Policy Enforcement among Trusted Virtual Domains

نویسندگان

  • Rongwei Yu
  • Fan Yin
  • Jin Ke
  • Lina Wang
چکیده

With serious situation of data leakage in many enterprises, sensitive dataflow protection based on Trusted Virtual Domains (TVD) has been gradually paid much attention to. Remote attestation among two or more entities across trusted virtual domains is an important means to ensure sensitive dataflow. According to behavior compliance, this paper proposes a behavior-based attestation of policy enforcement for distributed services in trusted virtual machine, which is adapted to trusted virtual domain. In our attestation, the unified behavior of the policy model is attested rather than that of any individual security policy. The advantage of this approach is that it is not tied to any specific type of security policy, and it addresses the verification when security policies in two individual virtual domains are inconsistent. Besides, the approach easily extends remote attestation to others’ behavior.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Dynamic Policy Discovery with Remote Attestation

Remote attestation allows programs running on trusted hardware to prove their identity (and that of their environment) to programs on other hosts. Remote attestation can be used to address security concerns if programs agree on the meaning of data in attestations. This paper studies the enforcement of codeidentity based access control policies in a hostile distributed environment, using a combi...

متن کامل

A Robust Integrity Reporting Protocol for Remote Attestation

Trusted Computing Platforms provide the functionality of remote attestation, i.e. attesting the configuration and status of a system to a remote entity. Remote attestation hereby proves integrity and authenticity of system environments. This is crucial for policy enforcement, which in turn is needed in many usage scenarios, e.g., DRM. However, applying remote attestation solely allows masquerad...

متن کامل

Policy Driven Remote Attestation

Increasingly organisations need to exchange and share data amongst their employees as well as with other organisations. This data is often sensitive and/or confidential, and access to it needs to be protected. Architectures to protect disseminated data have been proposed earlier, but absence of a trusted enforcement point on the end-user machine undermines the system security. The reason being,...

متن کامل

Direct Anonymous Attestation: Enhancing Cloud Service User Privacy

We introduce a privacy enhancing cloud service architecture based on the Direct Anonymous Attestation (DAA) scheme. In order to protect user data, the architecture provides cloud users with the abilities of controlling the extent of data sharing among their service accounts. A user is then enabled to link Cloud Service applications in such a way, that his/her personal data are shared only among...

متن کامل

A Dynamic Trustworthiness Attestation Method based on Dual Kernel Architecture

The existing trustworthiness attestation methods are not only difficult to be applied to the embedded system because they are mainly based on virtual machine technology, but have some problems such shat evidence is not obtained in time, protecting the privacy need trusted third party and trust measurement efficiency is low. In this paper, an embedded system dynamic trustworthiness attestation m...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:
  • JNW

دوره 5  شماره 

صفحات  -

تاریخ انتشار 2010