Flexible Attestation of Policy Enforcement for Sensitive Dataflow Leakage Prevention

With serious situation of data leakage in many enterprises, sensitive dataflow protection based on Trusted Virtual Domains (TVD) has been gradually paid much attention to. Remote attestation among two or more entities across trusted virtual domains is an important means to ensure sensitive dataflow, but the existing schemes could not satisfy the higher requirements of flexibility and security in the environment of sensitive dataflow leakage prevention. According to behavior compliance, this paper proposes a flexible and behavior-based attestation of compliance and enforcement of security policies for data prevention, which is adapted to inter-domain and intra-domain. In our attestation, the unified behavior of the policy model is attested rather than that of any individual security policy. The advantage of this approach is that it is not tied to any specific type of security policy, and it addresses the verification when security policies in two individual virtual domains are inconsistent.

[1]  William A. Arbaugh,et al.  Copilot - a Coprocessor-based Kernel Runtime Integrity Monitor , 2004, USENIX Security Symposium.

[2]  Ahmad-Reza Sadeghi,et al.  Property-based attestation for computing platforms: caring about properties, not mechanisms , 2004, NSPW '04.

[3]  Jean-Pierre Seifert,et al.  Model-based behavioral attestation , 2008, SACMAT '08.

[4]  Xiaoyong Li,et al.  An Efficient Attestation for Trustworthiness of Computing Platform , 2006, 2006 International Conference on Intelligent Information Hiding and Multimedia.

[5]  Jaehong Park,et al.  Towards usage control models: beyond traditional access control , 2002, SACMAT '02.

[6]  Stefan Berger,et al.  vTPM: Virtualizing the Trusted Platform Module , 2006, USENIX Security Symposium.

[7]  Michael Franz,et al.  Semantic remote attestation: a virtual machine directed approach to trusted computing , 2004 .

[8]  Xinwen Zhang,et al.  Remote Attestation of Attribute Updates and Information Flows in a UCON System , 2009, TRUST.

[9]  Ahmad-Reza Sadeghi,et al.  Trusted Computing - Special Aspects and Challenges , 2008, SOFSEM.

[10]  Trent Jaeger,et al.  Design and Implementation of a TCG-based Integrity Measurement Architecture , 2004, USENIX Security Symposium.

[11]  Tal Garfinkel,et al.  Terra: a virtual machine-based platform for trusted computing , 2003, SOSP '03.

[12]  Stefan Berger,et al.  TVDc: managing security in the trusted virtual datacenter , 2008, OPSR.

[13]  Trent Jaeger,et al.  PRIMA: policy-reduced integrity measurement architecture , 2006, SACMAT '06.