Abstract
Property-based attestation is an extension of the proposed trusted computing attestation mechanism in which binary measurements are abstracted to meaningful platform properties. In this paper, we propose ALOPA (Authorization Logic for Property Attestation), a logic-based language for the specification and evaluation of authorization policies using properties in trusted platforms. Access control policies specified using ALOPA govern the access of platforms to resources on the basis of the platform's identity and a collection of rules based on platform properties, which determine, for any platform and any resource, the types of access the platform is allowed on the resource. Such an approach seems promising for developing secure distributed applications using property-attestation-based authorization for trusted platforms.
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Nagarajan, A., Varadharajan, V., Hitchens, M. (2009). ALOPA: Authorization Logic for Property Attestation in Trusted Platforms. In: González Nieto, J., Reif, W., Wang, G., Indulska, J. (eds) Autonomic and Trusted Computing. ATC 2009. Lecture Notes in Computer Science, vol 5586. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-02704-8_11
DOI: https://doi.org/10.1007/978-3-642-02704-8_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-02703-1
Online ISBN: 978-3-642-02704-8
eBook Packages: Computer Science, Computer Science (R0)