Symmetric behavior-based trust: a new paradigm for internet computing

Current models of Internet Computing are highly asymmetric - a host protects itself from malicious mobile Java programs, but there is no way to get assurances about the behavior of a program running remotely. The asymmetry stems from a behavior-based security model: hosts ensure conformance to a given security policy by restricting the actions of programs. In contrast, security models that are based on cryptography (including code signing) are inherently symmetric by design but do not match the open architecture of the Internet and are unsuitable for reasoning about program behavior. We propose a new paradigm that combines the openness of the former with the symmetry of the latter and thereby enables completely new applications in a globally connected world.
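The abstract contrasts behavior-based enforcement (a host restricts what a program may do, but nobody remote learns anything about it) with cryptographic models (symmetric, but silent about behavior) and proposes combining them. The following toy, added here as an illustration and not code from the paper, makes that combination concrete under one assumption: the host that enforces a policy also signs a statement of which policy the program ran under and whether it completed. The `Monitor` class is the behavior-based half (a reference monitor checking each requested action against a policy, the way a JVM sandbox does); `attest`/`verify` are the symmetric half (an HMAC over the program hash, policy name and enforcement outcome, standing in for a platform signature). Policy names, the sample programs and the key are constructed for the demo.

```python
"""Toy model of symmetric, behavior-based trust (added illustration,
not the paper's code).  Assumption: the enforcing host and the remote
verifier share an attestation key; HMAC stands in for a real signature."""
import hashlib
import hmac
import json
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Policy:
    name: str
    allowed: frozenset  # permitted (action, resource) pairs


class PolicyViolation(Exception):
    pass


@dataclass
class Monitor:
    """Behavior-based half: every action a program attempts is checked
    against the policy before it takes effect, and the decision is logged."""
    policy: Policy
    trace: list = field(default_factory=list)

    def request(self, action, resource):
        permitted = (action, resource) in self.policy.allowed
        self.trace.append((action, resource, permitted))
        if not permitted:
            raise PolicyViolation(f"{action} on {resource} denied by {self.policy.name}")
        return True


def run_program(program, monitor):
    """Run a program, modelled as a list of (action, resource) requests,
    under the monitor.  Returns True if every request was permitted."""
    try:
        for action, resource in program:
            monitor.request(action, resource)
        return True
    except PolicyViolation:
        return False


def attest(monitor, program_bytes, key):
    """Symmetric half: the host that enforced the policy signs a statement
    binding program hash, policy and outcome, so the remote party obtains an
    assurance about behaviour rather than only about code identity."""
    statement = {
        "program_sha256": hashlib.sha256(program_bytes).hexdigest(),
        "policy": monitor.policy.name,
        "completed": all(ok for _, _, ok in monitor.trace),
        "actions": len(monitor.trace),
    }
    encoded = json.dumps(statement, sort_keys=True).encode()
    tag = hmac.new(key, encoded, hashlib.sha256).hexdigest()
    return statement, tag


def verify(statement, tag, key):
    """Remote side: recompute the tag over the canonical statement."""
    encoded = json.dumps(statement, sort_keys=True).encode()
    expected = hmac.new(key, encoded, hashlib.sha256).hexdigest()
    return hmac.compare_digest(tag, expected)


# Constructed sample data for the demo.
NO_NETWORK = Policy("no-network",
                    frozenset({("read", "/tmp/input"), ("write", "/tmp/output")}))
GOOD = [("read", "/tmp/input"), ("write", "/tmp/output")]
BAD = [("read", "/tmp/input"), ("connect", "203.0.113.5:443")]
KEY = b"constructed-demo-key"


def demo(program):
    """Enforce NO_NETWORK on a program and produce the attestation for it."""
    monitor = Monitor(NO_NETWORK)
    completed = run_program(program, monitor)
    statement, tag = attest(monitor, repr(program).encode(), KEY)
    return completed, statement, tag


if __name__ == "__main__":
    for prog in (GOOD, BAD):
        completed, statement, tag = demo(prog)
        print(completed, statement["completed"], verify(statement, tag, KEY))
```

The point of the toy is the direction of assurance: the `Monitor` alone only protects the host, while the signed statement lets the program's originator learn that it ran (or was stopped) under a named policy, which is the symmetry the abstract argues for.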
