论文信息 - Enhancing Flexibility of TCG's TNC through Layered Property Attestation

Enhancing Flexibility of TCG's TNC through Layered Property Attestation

TCG's trusted network connect (TNC) architecture improves network security through remote attestation. However, because of the deficiencies of existing binary attestation and property attestation, current TNC is not flexible and privacy-friendly enough to be used in a large scale network environment such as Internet. Aiming at these problems, this paper firstly analyzes the relations among system properties in the context of TCG-based remote attestation and proposes a new property relation model. Then a layered property attestation framework is proposed based on this model. Finally these ideas are used in the design of a real trusted network connect system. It is shown that the verifier need only obtain and verify the specific integrity measurement that he is interested in and the privacy of the attester's configuration is protected reasonably.

Aimin Yu | Shijun Zhao

[1] Ulrich Kühn,et al. Realizing property-based attestation and sealing with commonly available hard- and software , 2007, STC '07.

[2] Robert H. Deng,et al. Remote attestation on program execution , 2008, STC '08.

[3] Shouhuai Xu,et al. Proceedings of the 3rd ACM workshop on Scalable trusted computing , 2008, CCS 2008.

[4] Michael Franz,et al. Semantic remote attestation: a virtual machine directed approach to trusted computing , 2004 .

[5] Trent Jaeger,et al. Design and Implementation of a TCG-based Integrity Measurement Architecture , 2004, USENIX Security Symposium.

[6] José Carlos Brustoloni,et al. Uclinux: a linux security module for trusted-computing-based usage controls enforcement , 2007, STC '07.

[7] M. Schunter,et al. Property Attestation — Scalable and Privacy-friendly Security Assessment of Peer Computers , 2004 .

[8] Ahmad-Reza Sadeghi,et al. Property-based attestation for computing platforms: caring about properties, not mechanisms , 2004, NSPW '04.

[9] Trent Jaeger,et al. PRIMA: policy-reduced integrity measurement architecture , 2006, SACMAT '06.

[10] Ahmad-Reza Sadeghi,et al. A protocol for property-based attestation , 2006, STC '06.

[11] Tal Garfinkel,et al. Terra: a virtual machine-based platform for trusted computing , 2003, SOSP '03.