Remote Attestation of Attribute Updates and Information Flows in a UCON System

  • Mohammad Nauman
  • Masoom Alam
  • Xinwen Zhang
  • Tamleek Ali
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5471)


UCON is a highly flexible and expressive usage control model which allows an object owner to specify detailed usage control policies to be evaluated on a remote platform. Assurance of correct enforcement is mandatory for the establishment of trust on the remote platform claiming to implement UCON. Without such an assurance, there is no way of knowing whether the policies attached to the objects will be enforced as expected. Remote attestation, an important component of Trusted Computing, is highly suitable for establishing such an assurance. Existing approaches towards remote attestation work at a very coarse-grained level and mostly only measure binary hashes of the applications on the remote platform. Solutions at this level of abstraction cannot provide assurance to a challenger regarding behavior of a remote platform concerning enforcement of the owner’s policies. In this paper, we provide a new remote attestation technique which allows a challenger to verify two important behaviors of a UCON system enforcing its policies. These two behaviors are the attribute update behavior and information flow behavior. Measuring, storing and reporting these behaviors in a trusted manner is described in detail and a mechanism for the verification of these behaviors against the original UCON policies is provided. The end result is a flexible and scalable technique for establishing trust on attribute updates and information flow behaviors of a remote UCON system.


Information flow remote attestation usage control security 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Park, J., Sandhu, R.: Towards Usage Control Models: Beyond Traditional Access Control. In: SACMAT 2002: Proceedings of the seventh ACM Symposium on Access Control Models and Technologies, pp. 57–64. ACM Press, New York (2002)CrossRefGoogle Scholar
  2. 2.
    Trusted Computing Group,
  3. 3.
    Sailer, R., Zhang, X., Jaeger, T., van Doorn, L.: Design and Implementation of a TCG-based Integrity Measurement Architecture. In: SSYM 2004: Proceedings of the 13th conference on USENIX Security Symposium, Berkeley, CA, USA, USENIX Association (2004)Google Scholar
  4. 4.
    Jaeger, T., Sailer, R., Shankar, U.: PRIMA: Policy-Reduced Integrity Measurement Architecture. In: SACMAT 2006: Proceedings of the eleventh ACM Symposium on Access Control Models and Technologies, pp. 19–28. ACM Press, New York (2006)CrossRefGoogle Scholar
  5. 5.
    Sadeghi, A.R., Stüble, C.: Property-based Attestation for Computing Platforms: Caring about Properties, not Mechanisms. In: NSPW 2004: Proceedings of the 2004 Workshop on New Security Paradigms, pp. 67–77. ACM Press, New York (2004)Google Scholar
  6. 6.
    Alam, M., Zhang, X., Nauman, M., Ali, T., Seifert, J.P.: Model-based Behavioral Attestation. In: SACMAT 2008: Proceedings of the thirteenth ACM symposium on Access control models and technologies. ACM Press, New York (2008)Google Scholar
  7. 7.
    Loscocco, P.A., Wilson, P.W., Pendergrass, J.A., McDonell, C.D.: Linux Kernel Integrity Measurement Using Contextual Inspection. In: STC 2007: Proceedings of the 2007 ACM Workshop on Scalable Trusted Computing, pp. 21–29. ACM, New York (2007)CrossRefGoogle Scholar
  8. 8.
    Zhang, X., Nakae, M., Covington, M.J., Sandhu, R.S.: Toward a Usage-Based Security Framework for Collaborative Computing Systems. ACM Trans. Inf. Syst. Secur. 11(1) (2008)Google Scholar
  9. 9.
    Srivatsa, M., Balfe, S.: Trust Management For Secure Information Flows. In: CCS 2008: Proceedings of the 15th ACM Conference on Computer and Communications Security, pp. 175–187. ACM, New York (2008)CrossRefGoogle Scholar
  10. 10.
    Zhang, X., Parisi-Presicce, F., Sandhu, R., Park, J.: Formal Model and Policy Specification of Usage Control. ACM Trans. Inf. Syst. Secur. 8(4), 351–387 (2005)CrossRefGoogle Scholar
  11. 11.
    Zhang, X., Sandhu, R., Parisi-Presicce, F.: Safety Analysis of Usage Control Authorization Models. In: ASIACCS 2006: Proceedings of the 2006 ACM Symposium on Information, computer and communications security, pp. 243–254. ACM, New York (2006)CrossRefGoogle Scholar
  12. 12.
    Kanerva, P.: Anonymous Authorization in Networked Systems: An Implementation of Physical Access Control System. Masters Thesis. Helsinki University of Technology (March 2001)Google Scholar
  13. 13.
    Bella, G., Paulson, L.C., Massacci, F.: The Verification of an Industrial Payment Protocol: the SET Purchase Phase. In: CCS 2002: Proceedings of the 9th ACM Conference on Computer and Communications Security, pp. 12–20. ACM, New York (2002)Google Scholar
  14. 14.
    TCG Software Stack (TSS) Specifications,
  15. 15.
    Trusted Computing for the Java(tm) Platform,
  16. 16.
    Java Community Process. JSR321: Trusted Computing API for Java,
  17. 17.
    Alam, M., Zhang, X., Nauman, M., Ali, T.: Behavioral Attestation for Web Services (BA4WS). In: SWS 2008: Proceedings of the ACM Workshop on Secure Web Services (SWS) located at 15th ACM Conference on Computer and Communications Security (CCS-15). ACM Press, New York (2008)Google Scholar
  18. 18.
    Guttman, J.: Verifying Information Flow Goals in Security-Enhanced Linux. Journal of Computer Security 13(1), 115–134 (2005)MathSciNetCrossRefGoogle Scholar
  19. 19.
    Denning, D.E., Denning, P.J.: Certification of programs for secure information flow. Commun. ACM 20(7), 504–513 (1977)CrossRefzbMATHGoogle Scholar
  20. 20.
    Myers, A.C.: JFlow: Practical Mostly-static Information Flow Control. In: POPL 1999: Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, pp. 228–241. ACM, New York (1999)Google Scholar
  21. 21.
    Haldar, V., Chandra, D., Franz, M.: Practical, Dynamic Information-flow for Virtual Machines,
  22. 22.
    Nair, S., Simpson, P., Crispo, B., Tanenbaum, A.: A Virtual Machine Based Information Flow Control System for Policy Enforcement. Electronic Notes in Theoretical Computer Science 197(1), 3–16 (2008)CrossRefGoogle Scholar
  23. 23.
    Thober, M., Pendergrass, J.A., McDonell, C.D.: Improving Coherency of Runtime Integrity Measurement. In: STC 2008: Proceedings of the 2008 ACM Workshop on Scalable Trusted Computing. ACM, New York (2008)Google Scholar
  24. 24.
    Gu, L., Ding, X., Deng, R., Xie, B., Mei, H.: Remote Attestation on Program Execution. In: STC 2008: Proceedings of the 2008 ACM Workshop on Scalable Trusted Computing. ACM, New York (2008)Google Scholar
  25. 25.
    Haldar, V., Chandra, D., Franz, M.: Semantic Remote Attestation – A Virtual Machine directed approach to Trusted Computing In. Proc. of the Third Virtual Macine Research and Technology Symposium USENIX (2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Mohammad Nauman
    • 1
  • Masoom Alam
    • 1
  • Xinwen Zhang
    • 2
  • Tamleek Ali
    • 1
  1. 1.Security Engineering Research GroupInstitute of Management SciencesPeshawarPakistan
  2. 2.Samsung Information Systems AmericaSan JoséUSA

Personalised recommendations