
Remote attestation-based access control on trusted computing platform

Wuhan University Journal of Natural Sciences

Abstract

Existing remote attestation schemes based on trusted computing have merit in raising the security assurance level, but they usually do not integrate tightly with the classical system security mechanisms. In this paper, we present a component named remote attestation-based access controller (RABAC), which combines several techniques: a random number (nonce) for freshness, the Bell-La Padula (BLP) model, and user identity combined with the user's security attributes. The component can validate the current hardware and software integrity of the remote platform and enforce access control under different security policies. We show that RABAC not only improves the security of the information transferred during the remote attestation process but also integrates remote attestation with the classical system security mechanism effectively.
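The abstract describes the two checks RABAC chains together: a nonce-bound integrity quote from the remote platform, and a BLP policy decision over the user's security level and the object's classification. The following constructed Python example, added here and not the paper's own code, models that decision flow on the verifier side. It assumes a symmetric attestation key shared by platform and verifier (a hypothetical stand-in for the TPM's AIK signature over a quote), constructed "golden" PCR values as reference measurements, and a four-level BLP lattice; none of these specifics come from the paper.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Hypothetical shared attestation key (assumption: stands in for the TPM's
# AIK-signed quote so the example runs offline without a TPM).
ATTEST_KEY = b"constructed-demo-attestation-key"

# Constructed reference measurements: the PCR values the verifier expects
# from a platform whose boot chain is intact.
GOLDEN_PCRS = {
    0: hashlib.sha1(b"bios-v1").hexdigest(),
    4: hashlib.sha1(b"bootloader-v2").hexdigest(),
    8: hashlib.sha1(b"kernel-3.x").hexdigest(),
}

# BLP lattice used for the access decision (constructed ordering).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


@dataclass
class Quote:
    nonce: bytes
    pcrs: dict
    mac: bytes


def _quote_digest(nonce, pcrs):
    """Hash the nonce together with the PCR set so the MAC binds both."""
    h = hashlib.sha256(nonce)
    for idx in sorted(pcrs):
        h.update(f"{idx}:{pcrs[idx]}".encode())
    return h.digest()


def platform_quote(nonce, pcrs):
    """Remote platform side: report current PCRs bound to the verifier's nonce."""
    mac = hmac.new(ATTEST_KEY, _quote_digest(nonce, pcrs), hashlib.sha256).digest()
    return Quote(nonce, dict(pcrs), mac)


class RABAC:
    """Verifier side: attestation check followed by a BLP policy check."""

    def __init__(self):
        self.outstanding = set()   # nonces issued but not yet answered
        self.used = set()          # nonces already consumed (replay detection)

    def challenge(self):
        nonce = secrets.token_bytes(20)
        self.outstanding.add(nonce)
        return nonce

    def verify_quote(self, quote):
        if quote.nonce in self.used:
            return False, "replayed nonce"
        if quote.nonce not in self.outstanding:
            return False, "unknown nonce"
        self.outstanding.discard(quote.nonce)
        self.used.add(quote.nonce)
        expected = hmac.new(ATTEST_KEY, _quote_digest(quote.nonce, quote.pcrs),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, quote.mac):
            return False, "bad quote signature"
        for idx, golden in GOLDEN_PCRS.items():
            if quote.pcrs.get(idx) != golden:
                return False, f"PCR{idx} mismatch"
        return True, "platform integrity ok"

    @staticmethod
    def blp_allows(subject_level, object_level, mode):
        s, o = LEVELS[subject_level], LEVELS[object_level]
        if mode == "read":    # simple security property: no read up
            return s >= o
        if mode == "write":   # *-property: no write down
            return s <= o
        raise ValueError(f"unknown access mode {mode!r}")

    def decide(self, quote, subject_level, object_level, mode):
        ok, reason = self.verify_quote(quote)
        if not ok:
            return False, reason
        if not self.blp_allows(subject_level, object_level, mode):
            return False, f"BLP denies {mode}"
        return True, "granted"


if __name__ == "__main__":
    rabac = RABAC()
    nonce = rabac.challenge()
    print(rabac.decide(platform_quote(nonce, GOLDEN_PCRS), "secret", "confidential", "read"))
```

The order of the checks matters: the quote is verified before any policy question is asked, so a platform whose measurements drifted from the reference set never reaches the BLP decision, and a quote replayed under an old nonce is rejected on the freshness check rather than on the measurement comparison.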




Correspondence to Changxiang Shen.

Additional information

Foundation item: Supported by the National High Technology Research and Development Program of China (863 Program) (2006AA01Z440) and the National Basic Research Program of China (973 Program) (2007CB311100)

Biography: LIU Xiangang, male, Ph.D. candidate, research direction: information security and trusted computing.

Cite this article

Liu, X., Zhang, X., Fu, Y. et al. Remote attestation-based access control on trusted computing platform. Wuhan Univ. J. Nat. Sci. 15, 190–194 (2010). https://doi.org/10.1007/s11859-010-0302-x
