Bridging the Gap Between Inter-communication Boundary and Internal Trusted Components

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4189)


Despite the increasing need for coalition-based resource sharing, establishing a trusted coalition of nodes in an untrusted computing environment is a long-standing yet increasingly important problem. The Trusted Virtual Domain (TVD) is a new model for establishing trusted coalitions over heterogeneous and highly decentralized computing environments. The key technology enabling TVDs is the integrity assurance mechanism, which allows a remote challenger to verify the configuration and state of a node.

A modern computer system consists of a multi-layer software stack: a hypervisor, a virtual machine, an operating system, middleware, and so on. The integrity assurance of software components is established by chains of assurance that start from the trusted computing base (TCB) at the lowest layer, while the communication interface a node exposes should be properly abstracted at a higher layer to support interoperable communication and the fine-grained handling of expressive messages.

To fill the gap between "secure communication between nodes" and "secure communication between trusted components", this paper introduces the notion of a "Secure Message Router (SMR)": a domain-independent, easy-to-verify, multi-functional communication wrapper for secure communication. The SMR provides the essential features for establishing TVDs: end-to-end secure channel establishment, policy-based message translation and routing, and attestability through a fixed, clean implementation. A virtual machine-based implementation with a Web service interface is also discussed.
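The abstract's "chain of assurance from the TCB at the lowest layer" and the SMR's "attestability" both rest on the same mechanism: each layer measures the next before loading it, the measurements are folded into a register that can only be extended, and a remote challenger replays the reported log and compares each component against a known-good policy. The following Python is an added illustration of that check, not code from the paper or its authors; it assumes a TPM-style SHA-256 extend register, uses the four layer names from the abstract, and the component images, digests and policy it builds are constructed placeholders.

```python
import hashlib
from typing import Dict, List, Sequence, Set, Tuple

# Added illustration, not code from the paper. Layer names follow the abstract's
# software stack; the component images below are constructed placeholders.
LAYERS: List[str] = ["hypervisor", "vm", "os", "middleware"]
IMAGES: Dict[str, bytes] = {
    "hypervisor": b"hypervisor image (constructed)",
    "vm": b"virtual machine image (constructed)",
    "os": b"operating system image (constructed)",
    "middleware": b"secure message router image (constructed)",
}

Measurement = Tuple[str, str, bytes]  # (layer, component name, digest)


def measure(image: bytes) -> bytes:
    """Digest a component image, as the layer below takes it before handing over control."""
    return hashlib.sha256(image).digest()


def extend(register: bytes, digest: bytes) -> bytes:
    """TPM-style extend: the register is only ever folded forward, never rewritten."""
    return hashlib.sha256(register + digest).digest()


def build_chain(log: Sequence[Measurement]) -> bytes:
    """Replay a measurement log in load order and return the final register value."""
    register = bytes(32)  # all-zero register after reset
    for _layer, _name, digest in log:
        register = extend(register, digest)
    return register


def node_log(images: Dict[str, bytes]) -> List[Measurement]:
    """The log a node accumulates as each layer measures the next one before loading it."""
    return [(layer, layer + "-image", measure(images[layer])) for layer in LAYERS]


def known_good_policy() -> Dict[str, Set[bytes]]:
    """The challenger's list of acceptable digests per layer (here: the reference images)."""
    return {layer: {measure(IMAGES[layer])} for layer in LAYERS}


def verify(log: Sequence[Measurement], register: bytes,
           policy: Dict[str, Set[bytes]]) -> Tuple[bool, str]:
    """Remote challenger's check of a node's reported log and register value."""
    # The log is only trustworthy if it replays to the register the node reports.
    if build_chain(log) != register:
        return False, "measurement log does not replay to the reported register value"
    # Every layer of the stack must be present, in bottom-up order, ...
    if [layer for layer, _name, _digest in log] != LAYERS:
        return False, "reported stack does not cover the expected layers in order"
    # ... and each component must be one the policy accepts for its layer.
    for layer, name, digest in log:
        if digest not in policy[layer]:
            return False, f"untrusted {layer} component {name!r}"
    return True, "node configuration matches policy"


def honest_node() -> Tuple[List[Measurement], bytes]:
    """A node running exactly the reference images."""
    log = node_log(IMAGES)
    return log, build_chain(log)


def modified_middleware_node() -> Tuple[List[Measurement], bytes]:
    """A node whose middleware layer differs from the reference image."""
    images = dict(IMAGES, middleware=b"modified middleware image (constructed)")
    log = node_log(images)
    return log, build_chain(log)


def inconsistent_report_node() -> Tuple[List[Measurement], bytes]:
    """A node that reports the reference log but a register built from different components."""
    images = dict(IMAGES, middleware=b"modified middleware image (constructed)")
    return node_log(IMAGES), build_chain(node_log(images))


if __name__ == "__main__":
    policy = known_good_policy()
    for label, node in [("honest", honest_node),
                        ("modified middleware", modified_middleware_node),
                        ("inconsistent report", inconsistent_report_node)]:
        ok, reason = verify(*node(), policy)
        print(f"{label:>20}: {'accept' if ok else 'reject'} ({reason})")
```

The two rejection paths are deliberately separate: a log that does not replay to the register is rejected before any component is examined, because without that consistency the log says nothing about what actually loaded; only a consistent log is then checked layer by layer against the policy, which is what lets the challenger name the specific layer that deviates.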


Keywords: Trusted Virtual Domain, Distributed Coalition, Trusted Computing, Mandatory Access Control



Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

Tokyo Research Laboratory, IBM Research, Kanagawa, Japan
