
Modeling Trusted Computing Support in a Protection Profile for High Assurance Security Kernels

Conference paper, Trusted Computing (Trust 2009)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 5471)

Abstract

This paper presents a Common Criteria protection profile for high assurance security kernels (HASK-PP) based on the results and experiences of several (international) projects on design and implementation of trustworthy platforms. Our HASK-PP was motivated by the fact that currently no protection profile is available that appropriately covers trusted computing features such as trusted boot, sealing, and trusted channels (secure channels with inherent attestation).

In particular, we show how trusted computing features are modeled in the HASK protection profile without depending on any concrete implementation of these features. Instead, the implementation is left to the definition of the security target of an IT product that claims conformance to the HASK-PP. Our HASK protection profile was evaluated and certified at evaluation assurance level five (EAL5) by the German Federal Office for Information Security (BSI).




Copyright information

© 2009 Springer-Verlag Berlin Heidelberg


Cite this paper

Löhr, H., Sadeghi, AR., Stüble, C., Weber, M., Winandy, M. (2009). Modeling Trusted Computing Support in a Protection Profile for High Assurance Security Kernels. In: Chen, L., Mitchell, C.J., Martin, A. (eds) Trusted Computing. Trust 2009. Lecture Notes in Computer Science, vol 5471. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-00587-9_4


  • DOI: https://doi.org/10.1007/978-3-642-00587-9_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-00586-2

  • Online ISBN: 978-3-642-00587-9
