Behavior-based Attestation of Policy Enforcement among Trusted Virtual Domains

With data leakage a serious problem in many enterprises, the protection of sensitive dataflows based on Trusted Virtual Domains (TVDs) has gradually attracted considerable attention. Remote attestation among two or more entities across trusted virtual domains is an important means of securing sensitive dataflows. Based on behavior compliance, this paper proposes a behavior-based attestation of policy enforcement for distributed services in trusted virtual machines, adapted to trusted virtual domains. In our attestation, the unified behavior of the policy model is attested rather than that of any individual security policy. The advantage of this approach is that it is not tied to any specific type of security policy, and it addresses verification when the security policies in two individual virtual domains are inconsistent. In addition, the approach is easily extended to remote attestation of others’ behavior.
