论文信息 - Using Secure Coprocessors to Protect Access to Enterprise Networks

Using Secure Coprocessors to Protect Access to Enterprise Networks

Enterprise firewalls can be easily circumvented, e.g. by attack agents aboard infected mobile computers or telecommuters' computers, or by attackers exploiting rogue access points or modems. Techniques that prevent connection to enterprise networks of nodes whose configuration does not conform to enterprise policies could greatly reduce such vulnerabilities. Network Admission Control (NAC) and Network Access Protection (NAP) are recent industrial initiatives to achieve such policy enforcement. However, as currently specified, NAC and NAP assume that users are not malicious. We propose novel techniques using secure coprocessors to protect access to enterprise networks. Experiments demonstrate that the proposed techniques are effective against malicious users and have acceptable overhead.

[1] Sean W. Smith,et al. Open-source applications of TCPA hardware , 2004, 20th Annual Computer Security Applications Conference.

[2] Edward W. Felten,et al. Understanding Trusted Computing: Will Its Benefits Outweigh Its Drawbacks? , 2003, IEEE Secur. Priv..

[3] Lars Richter,et al. Untersuchung und Bewertung von Netzzugangssteuerungen auf Basis des Standards 802.1x (Port-Based Network Access Control) , 2005 .

[4] Christopher Allen,et al. The TLS Protocol Version 1.0 , 1999, RFC.

[5] Whitfield Diffie,et al. New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[6] Glen Zorn,et al. Protected EAP Protocol (PEAP) Version 2 , 2004 .

[7] Trent Jaeger,et al. Attestation-based policy enforcement for remote access , 2004, CCS '04.

[8] Tal Garfinkel,et al. Terra: a virtual machine-based platform for trusted computing , 2003, SOSP '03.

[9] Siani Pearson,et al. Trusted Computing Platforms: TCPA Technology in Context , 2002 .

[10] Trent Jaeger,et al. Design and Implementation of a TCG-based Integrity Measurement Architecture , 2004, USENIX Security Symposium.