Remote Attestation of Attribute Updates and Information Flows in a UCON System

  • Mohammad Nauman
  • Masoom Alam
  • Xinwen Zhang
  • Tamleek Ali
Conference paper

DOI: 10.1007/978-3-642-00587-9_5

Part of the Lecture Notes in Computer Science book series (LNCS, volume 5471)
Cite this paper as:
Nauman M., Alam M., Zhang X., Ali T. (2009) Remote Attestation of Attribute Updates and Information Flows in a UCON System. In: Chen L., Mitchell C.J., Martin A. (eds) Trusted Computing. Trust 2009. Lecture Notes in Computer Science, vol 5471. Springer, Berlin, Heidelberg

Abstract

UCON is a highly flexible and expressive usage control model which allows an object owner to specify detailed usage control policies to be evaluated on a remote platform. Assurance of correct enforcement is mandatory for the establishment of trust on the remote platform claiming to implement UCON. Without such an assurance, there is no way of knowing whether the policies attached to the objects will be enforced as expected. Remote attestation, an important component of Trusted Computing, is highly suitable for establishing such an assurance. Existing approaches towards remote attestation work at a very coarse-grained level and mostly only measure binary hashes of the applications on the remote platform. Solutions at this level of abstraction cannot provide assurance to a challenger regarding behavior of a remote platform concerning enforcement of the owner’s policies. In this paper, we provide a new remote attestation technique which allows a challenger to verify two important behaviors of a UCON system enforcing its policies. These two behaviors are the attribute update behavior and information flow behavior. Measuring, storing and reporting these behaviors in a trusted manner is described in detail and a mechanism for the verification of these behaviors against the original UCON policies is provided. The end result is a flexible and scalable technique for establishing trust on attribute updates and information flow behaviors of a remote UCON system.

Keywords

Information flow remote attestation usage control security 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Mohammad Nauman
    • 1
  • Masoom Alam
    • 1
  • Xinwen Zhang
    • 2
  • Tamleek Ali
    • 1
  1. 1.Security Engineering Research GroupInstitute of Management SciencesPeshawarPakistan
  2. 2.Samsung Information Systems AmericaSan JoséUSA

Personalised recommendations