Trust and Trustworthy Computing

Web services require complex middleware in order to communicate using XML standards. However, this software increases vulnerability to runtime attack and makes remote attestation difficult. We propose to solve this problem by dividing services onto two platforms, an untrusted front-end, implementing the middleware, and a trustworthy back-end with a minimal trusted computing base.

[1]  Calton Pu,et al.  A Secure Information Flow Architecture for Web Service Platforms , 2008, IEEE Transactions on Services Computing.

[2]  Ahmad-Reza Sadeghi,et al.  A Demonstrative Ad Hoc Attestation System , 2008, ISC.

[3]  Sean W. Smith,et al.  Securing Web servers against insider attack , 2001, Seventeenth Annual Computer Security Applications Conference.

[4]  Ahmad-Reza Sadeghi,et al.  Beyond secure channels , 2007, STC '07.

[5]  Bart Preneel,et al.  Remote Attestation on Legacy Operating Systems With Trusted Platform Modules , 2008, Electron. Notes Theor. Comput. Sci..

[6]  Leon Gommans,et al.  Web services and grid security vulnerabilities and threats analysis and model , 2005, The 6th IEEE/ACM International Workshop on Grid Computing, 2005..

[7]  Hiroshi Maruyama,et al.  Bridging the Gap Between Inter-communication Boundary and Internal Trusted Components , 2006, ESORICS.

[8]  Andrew P. Martin,et al.  On the Feasibility of Remote Attestation for Web Services , 2009, 2009 International Conference on Computational Science and Engineering.