Filters








9,236 Hits in 2.5 sec

Maat: A Platform Service for Measurement and Attestation [article]

J. Aaron Pendergrass, Sarah Helble, John Clemens, Peter Loscocco
2017 arXiv   pre-print
Software integrity measurement and attestation (M&A) are critical technologies for evaluating the trustworthiness of software platforms.  ...  To best support these technologies, next generation systems must provide a centralized service for securely selecting, collecting, and evaluating integrity measurements.  ...  Like support for multiple appraisers and protocols, this feature directly supports the flexibility and usability of the M&A system. • Policy-based Negotiation: The M&A service should be capable of negotiating  ... 
arXiv:1709.10147v1 fatcat:33ps56ugfzcrnceh7dovk45i7m

Orchestrating Layered Attestations [chapter]

John D. Ramsdell, Paul D. Rowe, Perry Alexander, Sarah C. Helble, Peter Loscocco, J. Aaron Pendergrass, Adam Petz
2019 Research Series on the Chinese Dream and China's Development Path  
We present Copland, a language for specifying layered attestations.  ...  This gives explicit implementation guidance for attestation frameworks.  ...  It is not sufficient to have a flexible set of attestation mechanisms-a flexible language for specifying layered attestations is crucial. This paper introduces such a language. Contribution.  ... 
doi:10.1007/978-3-030-17138-4_9 dblp:conf/post/RamsdellRAHLPP19 fatcat:43qir7goxbdmfb5mq7udh7sfiy

Trusted License Distribution System Based on IPSec VPN for Mobile DRM

Wang Jian, Zhang Zhiyong, Xiang Fei, Yu Weihua
2014 Open Electrical & Electronic Engineering Journal  
With the rapid development of mobile applications, DRM systems used for mobile terminals and wireless environment become popular.  ...  However, the present DRM schemes are not fit for mobile applications because of the new security problems in wireless environment and the limitations of mobile terminals.  ...  Then, we presented the method of remote attestation extension for IP-Sec, introducing TCG remote attestation into IKE negotiation of IPSec, to avoid terminal security vulnerability.  ... 
doi:10.2174/1874129001408010034 fatcat:5kgttnjjeff73djqo4jynitn6m

Behavior-based Attestation of Policy Enforcement among Trusted Virtual Domains

Rong-wei Yu, Fan Yin, Jin Ke, Lina Wang
2010 Journal of Networks  
According to behavior compliance, this paper proposes a behavior-based attestation of policy enforcement for distributed services in trusted virtual machine, which is adapted to trusted virtual domain.  ...  In our attestation, the unified behavior of the policy model is attested rather than that of any individual security policy.  ...  In the next phase, verification and negotiation is completed between TVD1-Master and TVD2-Master, for the purpose of lower attestation approach used next and set of behaviors attested.  ... 
doi:10.4304/jnw.5.6.642-649 fatcat:5uwp4nt4rjfgpfqu64knemztwe

Extending IPsec for Efficient Remote Attestation [chapter]

Ahmad-Reza Sadeghi, Steffen Schulz
2010 Lecture Notes in Computer Science  
Our extension (i) allows for continuous exchange of attestation data while the IPsec connection is running, (ii) supports highly ecient exchange of attestation data and (iii) requires minimal changes to  ...  However, existing protocols and extensions are either unsuited for use with IPsec or impose considerable additional implementation complexity and protocol overhead.  ...  for each of the two negotiated IKE SAs.  ... 
doi:10.1007/978-3-642-14992-4_14 fatcat:3gp2vmb4lbgwvgwahhjsfx4csi

Towards Secure Cloud Orchestration for Multi-Cloud Deployments

Nicolae Paladi, Antonis Michalas, Hai-Van Dang
2018 Proceedings of the 5th Workshop on CrossCloud Infrastructures & Platforms - CrossCloud'18  
We identify a set of attack scenarios, define security enforcement enablers and propose an architecture for a security-enabled cloud orchestration framework for multi-cloud application deployments.  ...  In this work, we analyze the security landscape of cloud orchestration frameworks for multicloud infrastructure.  ...  Declarative Architectures Imperative Architectures Organizing construct: recursive decomposition Organizing construct: static layering Arbitrary number of levels of recursion Fixed number of layers Flexible  ... 
doi:10.1145/3195870.3195874 dblp:conf/eurosys/PaladiMD18 fatcat:qul32bkf4rfdnghqmnxyfzl5ga

Virtual Workspaces: Achieving Quality of Service and Quality of Life in the Grid

K. Keahey, I. Foster, T. Freeman, X. Zhang
2005 Scientific Programming  
Providing standardized interfaces to such services would enable a client to flexibly negotiate required workspaces at different sites.  ...  As we point out in Section 5, workspaces can be used for management at different layers.  ... 
doi:10.1155/2005/351408 fatcat:6v2yxt6febeb5e334r6rnngceq

Secure VPNs for Trusted Computing Environments [chapter]

Steffen Schulz, Ahmad-Reza Sadeghi
2009 Lecture Notes in Computer Science  
However, trusted boot and remote attestation also require a redesign of critical software components to achieve their full potential.  ...  We solve the conflict between security and flexibility by implementing a selfcontained VPN service that resides in an isolated area, outside the operating system environment visible to the user.  ...  Remote Attestation The Trusted Network Group (TNG) proposes an extensive framework for remote attestation in [37, 38] .  ... 
doi:10.1007/978-3-642-00587-9_13 fatcat:3ffsszwreffurnkncqfhpw5tte

D2.3 - Proof-Of-Concept Prototype Of Secure Computation Infrastructure And Supercloud Security Services

Marc Lacoste, Mario Münzer, Felix Stornig, Alex Palesandro, Denis Bourge, Charles Henrotte, Houssem Kanzari, Marko Vukolic, Jagath Weerasinghe, Reda Yaich, Nora Cuppens, Frédéric Cuppens (+4 others)
2017 Zenodo  
support for cross-layer security, hardware-based isolation and trust management using Intel SGX technology, and support for cloud FPGAs; and a self-management infrastructure including a security orchestrator  ...  We start by giving a general overview of the structure of the overall security framework for computation.  ...  realizes a quote operation used for attestation between remote SGX platforms: it performs a secure hash of a report, generates an RSA key for future communications between remotely attested elements,  ... 
doi:10.5281/zenodo.836962 fatcat:eypxpidvzzbu3ckki4ny3qf6xe

Time to Rethink: Trust Brokerage Using Trusted Execution Environments [chapter]

Patrick Koeberl, Vinay Phegade, Anand Rajan, Thomas Schneider, Steffen Schulz, Maria Zhdanova
2015 Lecture Notes in Computer Science  
As the assurance and availability of hardware-based Trusted Execution Environments (TEEs) is increasing, we propose an alternative direction of using TEEs as "neutral" environments for efficient yet secure  ...  Some applications may only require a generic TEE compatibility layer, while others will uniquely benefit from the deployment and policy negotiation technology supported by TEEs.  ...  Privacy-preserving filtering schemes must be applied to prevent such attacks, and the system must allow the data owners to flexibly negotiate and enforce such policies.  ... 
doi:10.1007/978-3-319-22846-4_11 fatcat:ixdllo7h7zc6zb3fygbzyba24u

PrivacyGuard: Enforcing Private Data Usage with Blockchain and Attested Execution [chapter]

Ning Zhang, Jin Li, Wenjing Lou, Y. Thomas Hou
2018 Lecture Notes in Computer Science  
Using remote attestation and TEE, Pri-vacyGuard ensures that data is only used for the intended purposes approved by the data owner.  ...  While the original intended use of such data is primarily for smart IoT system and device control, the data is often used for other purposes not explicitly consented to by the users.  ...  -Policy Generation and Contract Negotiation Our framework allows a data owner to define the access policy for the data he generated.  ... 
doi:10.1007/978-3-030-00305-0_24 fatcat:5votqzt4pzgllc75uunftckc5a

Beyond secure channels

Yacine Gasmi, Ahmad-Reza Sadeghi, Patrick Stewin, Martin Unger, N. Asokan
2007 Proceedings of the 2007 ACM workshop on Scalable trusted computing - STC '07  
We also present a concrete implementation proposal based on Transport Layer Security (TLS) protocol, and Trusted Computing technology.  ...  We use Subject Key Attestation Evidence extensions to X.509v3 certificates to convey configuration information during key agreement (TLS handshake).  ...  ACKNOWLEDGEMENTS The authors would like to thank the anonymous reviewers for their very valuable comments and their helpful suggestions.  ... 
doi:10.1145/1314354.1314363 dblp:conf/ccs/GasmiSSUA07 fatcat:2lhina4qhzcm7e6n55ggo2ftpa

An Infrastructure for Faithful Execution of Remote Attestation Protocols [article]

Adam Petz, Perry Alexander
2020 arXiv   pre-print
Copland is a domain-specific language for specifying layered attestation protocols, characterizing attestation-relevant system events, and describing evidence bundling.  ...  Remote attestation is an emerging technology for establishing trust in a remote computing system.  ...  checking-as-attestation example is trivial, it exposes critical characteristics of attestation protocols that motivate and impact verification: -Flexible mechanism-There is no single way for performing  ... 
arXiv:2012.10511v1 fatcat:6pmyre4oavgg7kwhwk7mkoteza

Behavioral attestation for web services (BA4WS)

Masoom Alam, Xinwen Zhang, Mohammad Nauman, Tamleek Ali
2008 Proceedings of the 2008 ACM workshop on Secure web services - SWS '08  
In this paper, we present a novel framework, Behavioral Attestation for Web Services, in which XACML is built on top of WS-Attestation in order to enable more flexible remote attestation at the web services  ...  Service Oriented Architecture with underlying technologies like web services and web service orchestration opens new vistas for integration among business processes operating in heterogeneous environments  ...  The XACML behavior policy is built on top of WS-Attestation in order to enable a more fine-grained and flexible mechanism for incorporating attestation at the web services level.  ... 
doi:10.1145/1456492.1456496 dblp:conf/sws/AlamZNA08 fatcat:rhn5clshtbhu5hsyxkfovkb2dy

HTTPA/2: a Trusted End-to-End Protocol for Web Services [article]

Gordon King, Hans Wang
2022 arXiv   pre-print
Comparatively, the previous work [10] is mainly focused on how to include Remote Attestation (RA) and secret provisioning to HTTP protocol in assumption of using Transport Layer Security (TLS) across Internet  ...  In contrast, HTTPA/2 does not need TLS protocol, such as TLS 1.3 [19], for secure communication over Internet.  ...  Furthermore, HTTPA/2 provides flexibility for service provider to decide which part of the HTTP message is required to be protected.  ... 
arXiv:2205.01052v2 fatcat:lhx6zrxvq5alfkwgx27nhhgzyq
« Previous Showing results 1 — 15 out of 9,236 results