Peer-to-peer access control architecture using trusted computing technology

It has been recognized for some time that software alone does not provide an adequate foundation for building a high-assurance trusted platform. The emergence of industry-standard trusted computing technologies promises a revolution in this respect by providing roots of trust upon which secure applications can be developed. These technologies offer a particularly attractive platform for security in peer-to-peer environments. In this paper we propose a trusted computing architecture to enforce access control policies in such applications. Our architecture is based on an abstract layer of trusted hardware which can be constructed with emerging trusted computing technologies. A trusted reference monitor (TRM) is introduced on top of the trusted hardware. By monitoring and verifying the integrity and properties of applications running on a platform, using the functions of trusted computing, the TRM can enforce various policies on behalf of object owners. We further extend this platform-based architecture to support user-based control policies, cooperating with existing services for user identity and attributes. This architecture and its refinements can be extended in future work to support general access control models such as lattice-based access control, role-based access control, and usage control.
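The abstract describes a TRM that checks the integrity and properties of running applications through trusted-computing functions before enforcing an object owner's policy. The following added example (not code from the paper or its authors) models that flow in miniature: applications are measured into a PCR-style register, the platform produces a nonce-bound quote, and a TRM function checks the quote, replays the measurement log against the register, confirms every loaded application is one the owner knows, and checks the requesting application's attested properties against the owner's requirements. The HMAC standing in for a TPM signature, the `property_table` mapping code digests to properties, and all application names, keys and measurements are constructed assumptions for this illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

REGISTER_INIT = b"\x00" * 32


def extend(register: bytes, digest: bytes) -> bytes:
    """PCR-style extend: new = SHA-256(old || digest). Order-dependent and one-way."""
    return hashlib.sha256(register + digest).digest()


@dataclass
class Platform:
    """Constructed platform model: every loaded application is measured into a
    single register, and a keyed quote over that register can be produced."""
    attest_key: bytes                        # stands in for the TPM attestation key
    pcr: bytes = REGISTER_INIT
    log: list = field(default_factory=list)  # [(app_name, code_digest)]

    def load_application(self, name: str, code: bytes) -> None:
        digest = hashlib.sha256(code).digest()
        self.log.append((name, digest))
        self.pcr = extend(self.pcr, digest)

    def quote(self, nonce: bytes) -> dict:
        # HMAC(nonce || pcr) stands in for the TPM signature; the verifier's
        # nonce makes the quote fresh rather than replayable.
        mac = hmac.new(self.attest_key, nonce + self.pcr, hashlib.sha256).digest()
        return {"nonce": nonce, "pcr": self.pcr, "log": list(self.log), "mac": mac}


@dataclass
class OwnerPolicy:
    """What an object owner requires before its object may be accessed."""
    known_apps: dict          # app name -> expected digest of its code
    required_properties: set  # properties the requesting app must have


def verify_quote(quote: dict, attest_key: bytes, nonce: bytes) -> bool:
    """Freshness check, MAC check, and log-replays-to-register check."""
    if quote["nonce"] != nonce:
        return False
    expected = hmac.new(attest_key, nonce + quote["pcr"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, quote["mac"]):
        return False
    replay = REGISTER_INIT
    for _, digest in quote["log"]:
        replay = extend(replay, digest)
    return hmac.compare_digest(replay, quote["pcr"])


def trm_decide(quote, attest_key, nonce, policy, property_table, requester):
    """TRM decision on behalf of the object owner: returns (granted, reason)."""
    if not verify_quote(quote, attest_key, nonce):
        return False, "attestation failed"
    for name, digest in quote["log"]:
        if policy.known_apps.get(name) != digest:
            return False, f"unknown or modified application: {name}"
    measured = [d for n, d in quote["log"] if n == requester]
    if not measured:
        return False, "requesting application was not measured"
    missing = policy.required_properties - property_table.get(measured[-1], set())
    if missing:
        return False, "requester lacks properties: " + ", ".join(sorted(missing))
    return True, "access granted"


def run_scenarios() -> dict:
    """Run the TRM over constructed platforms; returns scenario -> granted."""
    key = b"constructed-attestation-key"
    viewer = b"viewer 1.0 (constructed application code)"
    viewer_digest = hashlib.sha256(viewer).digest()
    policy = OwnerPolicy({"viewer": viewer_digest}, {"no-export"})
    # property table: code digest -> properties that code is certified to have
    props = {viewer_digest: {"no-export", "sandboxed"}}
    nonce = os.urandom(16)

    clean = Platform(key)
    clean.load_application("viewer", viewer)

    dirty = Platform(key)
    dirty.load_application("viewer", viewer)
    dirty.load_application("helper", b"code the owner never approved")

    laundered = dirty.quote(nonce)  # log edited after the fact, register untouched
    laundered["log"] = [e for e in laundered["log"] if e[0] == "viewer"]

    strict = OwnerPolicy(policy.known_apps, {"no-export", "offline-only"})

    return {
        "clean_platform": trm_decide(clean.quote(nonce), key, nonce, policy, props, "viewer")[0],
        "unknown_application": trm_decide(dirty.quote(nonce), key, nonce, policy, props, "viewer")[0],
        "edited_log": trm_decide(laundered, key, nonce, policy, props, "viewer")[0],
        "stale_nonce": trm_decide(clean.quote(b"old-nonce"), key, nonce, policy, props, "viewer")[0],
        "missing_property": trm_decide(clean.quote(nonce), key, nonce, strict, props, "viewer")[0],
    }


if __name__ == "__main__":
    for scenario, granted in run_scenarios().items():
        print(f"{scenario:20s} -> {'granted' if granted else 'denied'}")
```

Two design points carry over from the real mechanism: the verifier never trusts the measurement log on its own but replays it and compares against the attested register, so an edited log is caught even when the signature still verifies; and the owner's policy is stated over properties of the requesting application rather than over one fixed code digest, which is what lets the policy survive application updates as long as the new code is certified to carry the same properties.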
