论文信息 - Property Attestation — Scalable and Privacy-friendly Security Assessment of Peer Computers

Property Attestation — Scalable and Privacy-friendly Security Assessment of Peer Computers

A core security challenge is the integrity verification of the software that is executed on a machine. For example, an enterprise needs to know whether a gateway machine has been infected by malicious code. One prevailing approach is to use directories of configuration check-sums to detect when a configuration has been changed (see www.tripwire.org). These software-only solutions have limitations when the operating system itself is compromised. The tamper-resistant Trusted Platform Module (TPM) specified by the Trusted Computing Group (TCG) allows a TPM-enhanced platform to securely attest to a configuration of a machine. Based on such binary attestation, a verifying peer computer can then decide whether or not to trust the verified platform. In this paper, we argue that the approach of binary attestation is not privacyfriendly, scalable or open and vendor-neutral. The main criticism is that this approach needlessly discloses the complete configuration (i.e., all executed software) of a machine. The focus of binary attestation are the binaries instead of their security. We present a protocol and architecture for property attestation that resolves these problems. With property attestation, a verifier is securely assured of security properties of the verified platform’s execution environment without receiving detailed configuration data. This enhances privacy and scalability since the verifier needs to be aware of its few required security properties instead of an huge number of acceptable configurations.

M. Schunter | M. Waidner | E. V. Herreweghen | J. Poritz | M. Waidner

[1] Bennet S. Yee,et al. Using Secure Coprocessors , 1994 .

[2] William A. Arbaugh,et al. A secure and reliable bootstrap architecture , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[3] Jochen Liedtke,et al. The performance of μ-kernel-based systems , 1997, SOSP.

[4] Marianne Winslett,et al. PRUNES: an efficient and complete strategy for automated trust negotiation over the Internet , 2000, CCS.

[5] Sean W. Smith,et al. Building the IBM 4758 Secure Coprocessor , 2001, Computer.

[6] Marianne Winslett,et al. Limiting the Disclosure of Access Control Policies during Automated Trust Negotiation , 2001, NDSS.

[7] Birgit Pfitzmann,et al. The PERSEUS System Architecture , 2001 .

[8] Marianne Winslett,et al. Interoperable strategies in automated trust negotiation , 2001, CCS '01.

[9] Marianne Winslett,et al. Protecting Privacy during On-Line Trust Negotiation , 2002, Privacy Enhancing Technologies.

[10] Siani Pearson,et al. Trusted Computing Platforms: TCPA Technology in Context , 2002 .

[11] Tal Garfinkel,et al. Terra: a virtual machine-based platform for trusted computing , 2003, SOSP '03.

[12] Trent Jaeger,et al. Design and Implementation of a TCG-based Integrity Measurement Architecture , 2004, USENIX Security Symposium.

[13] Sean W. Smith. Outbound authentication for programmable secure coprocessors , 2004, International Journal of Information Security.