Remote Attestation with Domain-Based Integrity Model and Policy Analysis

We propose and implement a remote attestation framework, DR@FT, that efficiently measures a target system against an information flow-based integrity model. Under this model, the high integrity processes of a system are measured and verified first, and these processes are then protected from accesses initiated by low integrity processes. For dynamic systems whose state changes frequently, our framework verifies only the latest state changes of the target system rather than re-examining the entire system. Our attestation evaluation adopts a graph-based method to represent integrity violations, and this graph-based policy analysis is further augmented with a ranked violation graph that supports higher-level semantic reasoning about attestation results. As a result, DR@FT provides efficient and effective attestation of a system's integrity status and offers intuitive reasoning about attestation results for security administrators. Our experimental results demonstrate the feasibility and practicality of DR@FT.
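The three ideas in the abstract (flagging low-to-high information flows against integrity labels, attesting only the delta between two system snapshots, and ranking the resulting violation graph) in miniature, as an added illustration rather than the DR@FT implementation itself. The label/rule format, the constructed sample system and the PageRank-style ranking are my assumptions, not details taken from the paper.

```python
from collections import defaultdict

HIGH, LOW = 2, 1  # integrity levels: higher number = more trusted

# Constructed sample system (not from the paper): integrity labels for
# subjects (processes) and objects (files), plus two snapshots of the
# access rules granted to them.
LABELS = {"sshd": HIGH, "/etc/passwd": HIGH, "httpd": LOW, "/tmp/upload": LOW}
RULES_V1 = [("sshd", "/etc/passwd", "read"), ("httpd", "/tmp/upload", "write")]
RULES_V2 = RULES_V1 + [("httpd", "/etc/passwd", "write"),   # low writes high
                       ("sshd", "/tmp/upload", "read")]      # high reads low

def flow_violations(labels, rules):
    """Edges (src, dst) along which data flows from a lower integrity node
    to a higher one. A write flows subject->object; a read flows object->subject."""
    edges = []
    for subj, obj, mode in rules:
        src, dst = (subj, obj) if mode == "write" else (obj, subj)
        if labels[src] < labels[dst]:
            edges.append((src, dst))
    return edges

def incremental_check(labels, old_rules, new_rules):
    """Attest only the delta: rules added since the last verified snapshot."""
    added = [r for r in new_rules if r not in set(old_rules)]
    return flow_violations(labels, added)

def rank_violations(edges, iters=30, d=0.85):
    """Score nodes of the violation graph by PageRank-style power iteration
    (my choice of ranking, assumed here): high-integrity sinks reachable
    from many tainted sources float to the top of the report."""
    if not edges:
        return []
    nodes = sorted({n for e in edges for n in e})
    out = defaultdict(list)
    for s, t in edges:
        out[s].append(t)
    score = {n: 1.0 / len(nodes) for n in nodes}
    for _ in range(iters):
        new = {n: (1 - d) / len(nodes) for n in nodes}
        for s in nodes:
            targets = out[s] or nodes        # dangling node: spread evenly
            for t in targets:
                new[t] += d * score[s] / len(targets)
        score = new
    return sorted(score.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    print("snapshot v1 violations:", flow_violations(LABELS, RULES_V1))
    print("delta v1->v2 violations:", incremental_check(LABELS, RULES_V1, RULES_V2))
    for node, s in rank_violations(flow_violations(LABELS, RULES_V2)):
        print(f"{s:.3f}  {node}")
```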
