Remote Attestation of Attribute Updates and Information Flows in a UCON System

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 5471)

Abstract

UCON is a highly flexible and expressive usage control model which allows an object owner to specify detailed usage control policies to be evaluated on a remote platform. Assurance of correct enforcement is mandatory for the establishment of trust on the remote platform claiming to implement UCON. Without such an assurance, there is no way of knowing whether the policies attached to the objects will be enforced as expected. Remote attestation, an important component of Trusted Computing, is highly suitable for establishing such an assurance. Existing approaches towards remote attestation work at a very coarse-grained level and mostly only measure binary hashes of the applications on the remote platform. Solutions at this level of abstraction cannot provide assurance to a challenger regarding behavior of a remote platform concerning enforcement of the owner’s policies. In this paper, we provide a new remote attestation technique which allows a challenger to verify two important behaviors of a UCON system enforcing its policies. These two behaviors are the attribute update behavior and information flow behavior. Measuring, storing and reporting these behaviors in a trusted manner is described in detail and a mechanism for the verification of these behaviors against the original UCON policies is provided. The end result is a flexible and scalable technique for establishing trust on attribute updates and information flow behaviors of a remote UCON system.

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Nauman, M., Alam, M., Zhang, X., Ali, T. (2009). Remote Attestation of Attribute Updates and Information Flows in a UCON System. In: Chen, L., Mitchell, C.J., Martin, A. (eds) Trusted Computing. Trust 2009. Lecture Notes in Computer Science, vol 5471. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-00587-9_5

  • DOI: https://doi.org/10.1007/978-3-642-00587-9_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-00586-2

  • Online ISBN: 978-3-642-00587-9

  • eBook Packages: Computer Science, Computer Science (R0)
