Trusted Passages: Managing Distributed Trust to Meet the Needs of Emerging Applications

Proposed Work. The inherent complexity of applications, technologies, and platforms in today’s large scale distributed systems makes it extremely challenging for open systems to provide trustworthy services to end-users. In this research project, we propose an approach that integrates modern system virtualization techniques as well as new methods for runtime trust monitoring and assessment. This approach dynamically creates and maintains what we term trusted passages across distributed and potentially untrusted execution platforms. Thus, even with an insecure Internet, our goal is to continually assess the distributed computational platforms being used by applications, and based on that information, provide trusted services to the applications. Our goal is to permit even critical applications to use open systems, enabling them to produce, process, and distribute information in a timely fashion. Applications that can benefit by our work range from remote surveillance, to the operational information systems used in government and commercial settings, to those that run daily e-commerce web services and similar information processing tasks. Attacks on such applications and their infrastructure addressed by our work include compromised systems through rootkits, viruses, or other malicious tampering, and degradation caused by temporary system overloads or failures.