
Engineering Attestable Services

  • John Lyle
  • Andrew Martin
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6101)

Abstract

Web services require complex middleware in order to communicate using XML standards. However, this software increases vulnerability to runtime attack and makes remote attestation difficult. We propose to solve this problem by dividing services across two platforms: an untrusted front-end, which implements the middleware, and a trustworthy back-end with a minimal trusted computing base.



Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • John Lyle (1)
  • Andrew Martin (1)
  1. Oxford University Computing Laboratory, Oxford
