Maat: A Platform Service for Measurement and Attestation
[article]
2017
arXiv
pre-print
Software integrity measurement and attestation (M&A) are critical technologies for evaluating the trustworthiness of software platforms. ...
To best support these technologies, next generation systems must provide a centralized service for securely selecting, collecting, and evaluating integrity measurements. ...
Like support for multiple appraisers and protocols, this feature directly supports the flexibility and usability of the M&A system. • Policy-based Negotiation: The M&A service should be capable of negotiating ...
arXiv:1709.10147v1
fatcat:33ps56ugfzcrnceh7dovk45i7m
Orchestrating Layered Attestations
[chapter]
2019
Research Series on the Chinese Dream and China's Development Path
We present Copland, a language for specifying layered attestations. ...
This gives explicit implementation guidance for attestation frameworks. ...
It is not sufficient to have a flexible set of attestation mechanisms - a flexible language for specifying layered attestations is crucial. This paper introduces such a language. Contribution. ...
doi:10.1007/978-3-030-17138-4_9
dblp:conf/post/RamsdellRAHLPP19
fatcat:43qir7goxbdmfb5mq7udh7sfiy
Trusted License Distribution System Based on IPSec VPN for Mobile DRM
2014
Open Electrical & Electronic Engineering Journal
With the rapid development of mobile applications, DRM systems used for mobile terminals and wireless environment become popular. ...
However, the present DRM schemes are not fit for mobile applications because of the new security problems in wireless environment and the limitations of mobile terminals. ...
Then, we presented the method of remote attestation extension for IP-Sec, introducing TCG remote attestation into IKE negotiation of IPSec, to avoid terminal security vulnerability. ...
doi:10.2174/1874129001408010034
fatcat:5kgttnjjeff73djqo4jynitn6m
Behavior-based Attestation of Policy Enforcement among Trusted Virtual Domains
2010
Journal of Networks
According to behavior compliance, this paper proposes a behavior-based attestation of policy enforcement for distributed services in trusted virtual machine, which is adapted to trusted virtual domain. ...
In our attestation, the unified behavior of the policy model is attested rather than that of any individual security policy. ...
In the next phase, verification and negotiation is completed between TVD1-Master and TVD2-Master, for the purpose of lower attestation approach used next and set of behaviors attested. ...
doi:10.4304/jnw.5.6.642-649
fatcat:5uwp4nt4rjfgpfqu64knemztwe
Extending IPsec for Efficient Remote Attestation
[chapter]
2010
Lecture Notes in Computer Science
Our extension (i) allows for continuous exchange of attestation data while the IPsec connection is running, (ii) supports highly efficient exchange of attestation data and (iii) requires minimal changes to ...
However, existing protocols and extensions are either unsuited for use with IPsec or impose considerable additional implementation complexity and protocol overhead. ...
for each of the two negotiated IKE SAs. ...
doi:10.1007/978-3-642-14992-4_14
fatcat:3gp2vmb4lbgwvgwahhjsfx4csi
Towards Secure Cloud Orchestration for Multi-Cloud Deployments
2018
Proceedings of the 5th Workshop on CrossCloud Infrastructures & Platforms - CrossCloud'18
We identify a set of attack scenarios, define security enforcement enablers and propose an architecture for a security-enabled cloud orchestration framework for multi-cloud application deployments. ...
In this work, we analyze the security landscape of cloud orchestration frameworks for multicloud infrastructure. ...
Declarative Architectures Imperative Architectures Organizing construct: recursive decomposition Organizing construct: static layering Arbitrary number of levels of recursion Fixed number of layers Flexible ...
doi:10.1145/3195870.3195874
dblp:conf/eurosys/PaladiMD18
fatcat:qul32bkf4rfdnghqmnxyfzl5ga
Virtual Workspaces: Achieving Quality of Service and Quality of Life in the Grid
2005
Scientific Programming
Providing standardized interfaces to such services would enable a client to flexibly negotiate required workspaces at different sites. ...
As we point out in Section 5, workspaces can be used for management at different layers. ...
doi:10.1155/2005/351408
fatcat:6v2yxt6febeb5e334r6rnngceq
Secure VPNs for Trusted Computing Environments
[chapter]
2009
Lecture Notes in Computer Science
However, trusted boot and remote attestation also require a redesign of critical software components to achieve their full potential. ...
We solve the conflict between security and flexibility by implementing a self-contained VPN service that resides in an isolated area, outside the operating system environment visible to the user. ...
Remote Attestation The Trusted Network Group (TNG) proposes an extensive framework for remote attestation in [37, 38]. ...
doi:10.1007/978-3-642-00587-9_13
fatcat:3ffsszwreffurnkncqfhpw5tte
D2.3 - Proof-Of-Concept Prototype Of Secure Computation Infrastructure And Supercloud Security Services
2017
Zenodo
support for cross-layer security, hardware-based isolation and trust management using Intel SGX technology, and support for cloud FPGAs; and a self-management infrastructure including a security orchestrator ...
We start by giving a general overview of the structure of the overall security framework for computation. ...
realizes a quote operation used for attestation between remote SGX platforms: it performs a secure hash of a report, generates an RSA key for future communications between remotely attested elements, ...
doi:10.5281/zenodo.836962
fatcat:eypxpidvzzbu3ckki4ny3qf6xe
Time to Rethink: Trust Brokerage Using Trusted Execution Environments
[chapter]
2015
Lecture Notes in Computer Science
As the assurance and availability of hardware-based Trusted Execution Environments (TEEs) is increasing, we propose an alternative direction of using TEEs as "neutral" environments for efficient yet secure ...
Some applications may only require a generic TEE compatibility layer, while others will uniquely benefit from the deployment and policy negotiation technology supported by TEEs. ...
Privacy-preserving filtering schemes must be applied to prevent such attacks, and the system must allow the data owners to flexibly negotiate and enforce such policies. ...
doi:10.1007/978-3-319-22846-4_11
fatcat:ixdllo7h7zc6zb3fygbzyba24u
PrivacyGuard: Enforcing Private Data Usage with Blockchain and Attested Execution
[chapter]
2018
Lecture Notes in Computer Science
Using remote attestation and TEE, PrivacyGuard ensures that data is only used for the intended purposes approved by the data owner. ...
While the original intended use of such data is primarily for smart IoT system and device control, the data is often used for other purposes not explicitly consented to by the users. ...
-Policy Generation and Contract Negotiation Our framework allows a data owner to define the access policy for the data he generated. ...
doi:10.1007/978-3-030-00305-0_24
fatcat:5votqzt4pzgllc75uunftckc5a
Beyond secure channels
2007
Proceedings of the 2007 ACM workshop on Scalable trusted computing - STC '07
We also present a concrete implementation proposal based on Transport Layer Security (TLS) protocol, and Trusted Computing technology. ...
We use Subject Key Attestation Evidence extensions to X.509v3 certificates to convey configuration information during key agreement (TLS handshake). ...
ACKNOWLEDGEMENTS The authors would like to thank the anonymous reviewers for their very valuable comments and their helpful suggestions. ...
doi:10.1145/1314354.1314363
dblp:conf/ccs/GasmiSSUA07
fatcat:2lhina4qhzcm7e6n55ggo2ftpa
An Infrastructure for Faithful Execution of Remote Attestation Protocols
[article]
2020
arXiv
pre-print
Copland is a domain-specific language for specifying layered attestation protocols, characterizing attestation-relevant system events, and describing evidence bundling. ...
Remote attestation is an emerging technology for establishing trust in a remote computing system. ...
checking-as-attestation example is trivial, it exposes critical characteristics of attestation protocols that motivate and impact verification: -Flexible mechanism-There is no single way for performing ...
arXiv:2012.10511v1
fatcat:6pmyre4oavgg7kwhwk7mkoteza
Behavioral attestation for web services (BA4WS)
2008
Proceedings of the 2008 ACM workshop on Secure web services - SWS '08
In this paper, we present a novel framework, Behavioral Attestation for Web Services, in which XACML is built on top of WS-Attestation in order to enable more flexible remote attestation at the web services ...
Service Oriented Architecture with underlying technologies like web services and web service orchestration opens new vistas for integration among business processes operating in heterogeneous environments ...
The XACML behavior policy is built on top of WS-Attestation in order to enable a more fine-grained and flexible mechanism for incorporating attestation at the web services level. ...
doi:10.1145/1456492.1456496
dblp:conf/sws/AlamZNA08
fatcat:rhn5clshtbhu5hsyxkfovkb2dy
HTTPA/2: a Trusted End-to-End Protocol for Web Services
[article]
2022
arXiv
pre-print
Comparatively, the previous work [10] is mainly focused on how to include Remote Attestation (RA) and secret provisioning to HTTP protocol in assumption of using Transport Layer Security (TLS) across Internet ...
In contrast, HTTPA/2 does not need TLS protocol, such as TLS 1.3 [19], for secure communication over Internet. ...
Furthermore, HTTPA/2 provides flexibility for service provider to decide which part of the HTTP message is required to be protected. ...
arXiv:2205.01052v2
fatcat:lhx6zrxvq5alfkwgx27nhhgzyq
Showing results 1 — 15 out of 9,236 results