Abstract
Assurance of fulfillment of stakeholder’s expectations on a target platform is termed as remote attestation. Without such an assurance, there is no way of knowing whether the policies of the remote owner will be enforced as expected. Existing approaches toward remote attestation work at different levels of the software stack and most of them only measure binary hashes of the applications on the remote platform. Several dynamic attestation techniques have been proposed that aim to measure the internal working of an application. As there can be more than one application running on a target system, we need to have mechanisms to remotely certify the internal behavior of multiple applications on a single system. Similarly in TCG-based attestations we use Platform Configuration Register (PCR) for storing and advocating the platform configuration to the remote party. Currently a single PCR is used to capture the behavior of one application/purpose. In this paper we propose the idea of using a single PCR for multiple instances of a target application, while preserving the privacy of other application instances. Moreover, our technique also keeps the trusted status of each application intact. We propose a protocol for measurement and verification of a single instance by its respective stakeholder. Further, the mechanism proposed in this paper can be applied to different attestation techniques that work at different levels of the software stack. We develop a proof-of-concept implementation of our idea and provide future implications of this research.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Trusted Computing Group, http://www.trustedcomputinggroup.org/
Sailer, R., Zhang, X., Jaeger, T., van Doorn, L.: Design and Implementation of a TCG-based Integrity Measurement Architecture. In: SSYM 2004: Proceedings of the 13th Conference on USENIX Security Symposium, Berkeley, CA, USA. USENIX Association (2004)
Jaeger, T., Sailer, R., Shankar, U.: PRIMA: Policy-Reduced Integrity Measurement Architecture. In: SACMAT 2006: Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies, pp. 19–28. ACM Press, New York (2006)
Sadeghi, A.R., Stüble, C.: Property-based Attestation for Computing Platforms: Caring about Properties, not Mechanisms. In: NSPW 2004: Proceedings of the 2004 Workshop on New Security Paradigms, pp. 67–77. ACM Press, New York (2004)
Alam, M., Zhang, X., Nauman, M., Ali, T., Seifert, J.P.: Model-based Behavioral Attestation. In: SACMAT 2008: Proceedings of the Thirteenth ACM Symposium on Access Control Models and Technologies. ACM Press, New York (2008)
Nauman, M., Alam, M., Ali, T., Zhang, X.: Remote Attestation of Attribute Updates And Information Flows in a UCON System. In: Chen, L., Mitchell, C.J., Martin, A. (eds.) Trust 2009. LNCS, vol. 5471, pp. 63–80. Springer, Heidelberg (2009)
Gu, L., Ding, X., Deng, R., Xie, B., Mei, H.: Remote Attestation on Program Execution. In: STC 2008: Proceedings of the 2008 ACM Workshop on Scalable Trusted Computing. ACM, New York (2008)
Park, J., Sandhu, R.: Towards Usage Control Models: Beyond Traditional Access Control. In: SACMAT 2002: Proceedings of the Seventh ACM Symposium on Access Control Models and Technologies, pp. 57–64. ACM Press, New York (2002)
Alam, M., Zhang, X., Nauman, M., Ali, T.: Behavioral Attestation for Web Services (BA4WS). In: SWS 2008: Proceedings of the ACM Workshop on Secure Web Services (SWS) located at 15th ACM Conference on Computer and Communications Security (CCS-15). ACM Press, New York (2008)
Fournet, C., Gonthier, G., Levy, J., Maranget, L., Remy, D.: A calculus of mobile agents. In: Sassone, V., Montanari, U. (eds.) CONCUR 1996. LNCS, vol. 1119, pp. 406–421. Springer, Heidelberg (1996)
Loscocco, P.A., Wilson, P.W., Pendergrass, J.A., McDonell, C.D.: Linux Kernel Integrity Measurement Using Contextual Inspection. In: STC 2007: Proceedings of the 2007 ACM Workshop on Scalable Trusted Computing, pp. 21–29. ACM, New York (2007)
Bella, G., Paulson, L.C., Massacci, F.: The Verification of an Industrial Payment Protocol: the SET Purchase Phase. In: CCS 2002: Proceedings of the 9th ACM Conference on Computer and Communications Security, pp. 12–20. ACM, New York (2002)
Zhang, X., Sandhu, R., Parisi-Presicce, F.: Safety Analysis of Usage Control Authorization Models. In: ASIACCS 2006: Proceedings of the 2006 ACM Symposium on Information, Computer and Communications Security, pp. 243–254. ACM, New York (2006)
TCG Specification Architecture Overview v1.2, pp. 11-12. Technical report, Trusted Computing Group (April 2004)
Trusted Computing for the Java(tm) Platform.: http://trustedjava.sourceforge.net/
Stumpf, F., Fuchs, A., Katzenbeisser, S., Eckert, C.: Improving the scalability of platform attestation. In: STC 2008: Proceedings of the 3rd ACM Workshop on Scalable Trusted Computing, pp. 1–10. ACM, New York (2008)
Berger, S., Cáceres, R., Goldman, K., Perez, R., Sailer, R., van Doorn, L.: vTPM: Virtualizing the Trusted Platform Module. In: USENIX 2006: Proceedings of the USENIX Security Symposium, July 2006, pp. 305–320 (2006)
Sadeghi, A., Stuble, C., Winandy, M.: Property-based TPM virtualization. In: Wu, T.-C., Lei, C.-L., Rijmen, V., Lee, D.-T. (eds.) ISC 2008. LNCS, vol. 5222, pp. 1–16. Springer, Heidelberg (2008)
Lyle, J.: Trustable Remote Verification of Web Services. In: Chen, L., Mitchell, C.J., Martin, A. (eds.) Trust 2009. LNCS, vol. 5471, pp. 153–168. Springer, Heidelberg (2009)
Huh, J.H., Lyle, J.: Trustworthy log reconciliation for distributed virtual organisations. In: Chen, L., Mitchell, C.J., Martin, A. (eds.) Trust 2009. LNCS, vol. 5471, pp. 169–182. Springer, Heidelberg (2009)
Thober, M., Pendergrass, J.A., McDonell, C.D.: Improving Coherency of Runtime Integrity Measurement. In: STC 2008: Proceedings of the 2008 ACM Workshop on Scalable Trusted Computing. ACM, New York (2008)
Buchanan, E., Roemer, R., Shacham, H., Savage, S.: When good instructions go bad: Generalizing return-oriented programming to RISC. In: Proceedings of the 15th ACM Conference on Computer and Communications Security, pp. 27–38. ACM, New York (2008)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Tanveer, T.A., Alam, M., Nauman, M. (2010). Scalable Remote Attestation with Privacy Protection. In: Chen, L., Yung, M. (eds) Trusted Systems. INTRUST 2009. Lecture Notes in Computer Science, vol 6163. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14597-1_5
Download citation
DOI: https://doi.org/10.1007/978-3-642-14597-1_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-14596-4
Online ISBN: 978-3-642-14597-1
eBook Packages: Computer ScienceComputer Science (R0)