Virtualised Trusted Computing Platform for Adaptive Security Enforcement of Web Services Interactions

Security enforcement framework is an important aspect of any distributed system. With new requirements imposed by SOA-based business models, adaptive security enforcement on the application level becomes even more important. Our work on the enforcement framework to date has resulted in a comprehensive middleware-based solution leveraging on Web services technologies. However, potential merits of hardware-based solutions to further secure application exposure have not been considered so far. This paper describes a method for combining software resource level security features offered by Web services technologies, with the hardware-based security mechanisms offered by trusted computing platform and system virtualisation approaches. In particular, we propose trust-based architecture for protecting the enforcement middleware deployed at the policy enforcement endpoints of Web and grid services. The main motivation is to additionally secure execution environment of the applications, by providing virtual machine level separation that maps from logical domains imposed by Web services level enforcement policies.

[1]  Theodosis Dimitrakos,et al.  Extendable and Adaptive Message-Level Security Enforcement Framework , 2006, International conference on Networking and Services (ICNS'06).

[2]  T. Chiueh,et al.  A Survey on Virtualization Technologies , 2005 .

[3]  Pierluigi Ritrovato,et al.  Dynamic security perimeters for inter-enterprise service integration , 2007, Future Gener. Comput. Syst..

[4]  Renato J. O. Figueiredo,et al.  Guest Editors' Introduction: Resource Virtualization Renaissance , 2005, Computer.

[5]  Xuxian Jiang,et al.  SODA: a service-on-demand architecture for application service hosting utility platforms , 2003, High Performance Distributed Computing, 2003. Proceedings. 12th IEEE International Symposium on.

[6]  Fei Yan,et al.  Daonity: grid security with behaviour conformity from trusted computing , 2006, STC '06.

[7]  Trent Jaeger,et al.  Design and Implementation of a TCG-based Integrity Measurement Architecture , 2004, USENIX Security Symposium.

[8]  Tipster Se Cm Architecture Overview , 1996, TIPSTER.

[9]  Matteo Gaeta,et al.  A Grid Computing for Online Games , 2006 .

[10]  Stefan Berger,et al.  vTPM: Virtualizing the Trusted Platform Module , 2006, USENIX Security Symposium.

[11]  Robert P. Goldberg,et al.  Survey of virtual machine research , 1974, Computer.

[12]  Robert J. Creasy,et al.  The Origin of the VM/370 Time-Sharing System , 1981, IBM J. Res. Dev..