Remote Attestation with Domain-Based Integrity Model and Policy Analysis

Wenjuan Xu; Gail-Joon Ahn; Jean-Pierre Seifert; Xinwen Zhang; Hongxin Hu

doi:10.1109/TDSC.2011.61

Publication
2012
Issue No. 3 - May/June
Abstract - Remote Attestation with Domain-Based Integrity Model and Policy Analysis

	This Article
	Subscribers, please Login Purchase article: $19 PDF HTML RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Wenjuan Xu Articles by Xinwen Zhang Articles by Hongxin Hu Articles by Gail-Joon Ahn Articles by Jean-Pierre Seifert

Remote Attestation with Domain-Based Integrity Model and Policy Analysis

May/June 2012 (vol. 9 no. 3)

pp. 429-442

	ASCII Text	x
	Wenjuan Xu, Xinwen Zhang, Hongxin Hu, Gail-Joon Ahn, Jean-Pierre Seifert, "Remote Attestation with Domain-Based Integrity Model and Policy Analysis," IEEE Transactions on Dependable and Secure Computing, vol. 9, no. 3, pp. 429-442, May/June, 2012.

	BibTex	x
	@article{ 10.1109/TDSC.2011.61, author = {Wenjuan Xu and Xinwen Zhang and Hongxin Hu and Gail-Joon Ahn and Jean-Pierre Seifert}, title = {Remote Attestation with Domain-Based Integrity Model and Policy Analysis}, journal ={IEEE Transactions on Dependable and Secure Computing}, volume = {9}, number = {3}, issn = {1545-5971}, year = {2012}, pages = {429-442}, doi = {http://doi.ieeecomputersociety.org/10.1109/TDSC.2011.61}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - JOUR JO - IEEE Transactions on Dependable and Secure Computing TI - Remote Attestation with Domain-Based Integrity Model and Policy Analysis IS - 3 SN - 1545-5971 SP429 EP442 EPD - 429-442 A1 - Wenjuan Xu, A1 - Xinwen Zhang, A1 - Hongxin Hu, A1 - Gail-Joon Ahn, A1 - Jean-Pierre Seifert, PY - 2012 KW - Remote attestation KW - platform integrity KW - security policy KW - policy analysis. VL - 9 JA - IEEE Transactions on Dependable and Secure Computing ER -

Wenjuan Xu, Frostburg State University, Frostburg

Xinwen Zhang, Huawei Research Center, Santa Clara

Hongxin Hu, Arizona State University, Tempe

Gail-Joon Ahn, Arizona State University, Tempe

Jean-Pierre Seifert, Technical University of Berlin, Berlin

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TDSC.2011.61

We propose and implement an innovative remote attestation framework called DR@FT for efficiently measuring a target system based on an information flow-based integrity model. With this model, the high integrity processes of a system are first measured and verified, and these processes are then protected from accesses initiated by low integrity processes. Toward dynamic systems with frequently changed system states, our framework verifies the latest state changes of a target system instead of considering the entire system information. Our attestation evaluation adopts a graph-based method to represent integrity violations, and the graph-based policy analysis is further augmented with a ranked violation graph to support high semantic reasoning of attestation results. As a result, DR@FT provides efficient and effective attestation of a system's integrity status, and offers intuitive reasoning of attestation results for security administrators. Our experimental results demonstrate the feasibility and practicality of DR@FT.

[1] "Trusted Computing Group," https:/www. trustedcomputinggroup.org , 2011.
[2] R. Sailer, X. Zhang, T. Jaeger, and L. van Doorn, "Design and Implementation of a TCG-Based Integrity Measurement Architecture," Proc. 13th Conf. USENIX Security (SSYM '04), 2004.
[3] L. Chen, R. Landfermann, H. Löhr, M. Rohe, A.-R. Sadeghi, and C. Stüble, "A Protocol for Property-Based Attestation," Proc. First ACM Workshop Scalable Trusted Computing (STC '06), 2006.
[4] V. Haldar, D. Chandra, and M. Franz, "Semantic Remote Attestation: A Virtual Machine Directed Approach to Trusted Computing," Proc. Third Conf. Virtual Machine Research and Technology Symp. (VM '04), 2004.
[5] T. Jaeger, R. Sailer, and U. Shankar, "PRIMA: Policy-reduced Integrity Measurement Architecture," Proc. 11th ACM Symp. Access Control Models and Technologies (SACMAT '06), 2006.
[6] K.J. Biba, "Integrity Consideration for Secure Compuer System," Technical Report 3153, Mitre Corp., 1977.
[7] T. Fraser, "Lomac: Low Water-Mark Integrity Protection for Cots Environment," Proc. IEEE Symp. Security and Privacy (SP '00), May 2000.
[8] R.S. Sandhu, "Lattice-Based Access Control Models," Computer, vol. 26, no. 11, pp. 9-19, Nov. 1993.
[9] U. Shankar, T. Jaeger, and R. Sailer, "Toward Automated Information-Flow Integrity Verification for Security-Critical Applications," Proc. Network and Distributed System Security Symp. (NDSS), 2006.
[10] T. Jaeger, R. Sailer, and X. Zhang, "Analyzing Integrity Protection in the Selinux Example Policy," Proc. 12th Conf. USENIX Security Symp. (SSYM '03), 2003.
[11] U. Shankar, T. Jaeger, and R. Sailer, "Toward Automated Information-Flow Integrity Verification for Security-Critical Applications," Proc. Network and Distributed System Security Symp. (NDSS), The Internet Soc., http://dblp.uni-trier.de/db/conf/ndssndss2006.html#ShankarJS06 , 2006.
[12] S. Smalley, "Configuring the Selinux Policy," http://www.nsa. gov/SELinuxdocs.html, 2003.
[13] B. Hicks, S. Rueda, L.S. Clair, T. Jaeger, and P. McDaniel, "A Logical Specification and Analysis for Selinux mls Policy," ACM Trans. Information Systems Security, vol. 13, no. 3, pp. 1-31, 2010.
[14] Tresys Technology APOL, http://www.tresys.comselinux/, 2011.
[15] J. Guttman, A. Herzog, and J. Ramsdell, "Information Flow in Operating Systems: Eager Formal Methods," Proc. Workshop Issues in the Theory of Security (WITS), 2003.
[16] B. Sarna-Starosta and S.D. Stoller, "Policy Analysis for Security-Enhanced Linux," Proc. Workshop Issues in the Theory of Security (WITS), pp. 1-12, Apr. 2004.
[17] W. Xu, M. Shehab, and G. Ahn, "Visualization Based Policy Analysis: Case Study in Selinux," Proc. ACM Symp. Access Control Models and Technologies, 2008.
[18] G. Ahn, W. Xu, and X. Zhang, "Systematic Policy Analysis for High-Assurance Services in Selinux," Proc. IEEE Workshop Policies for Distributed Systems and Networks, pp. 3-10, 2008.
[19] M. Alam, X. Zhang, M. Nauman, T. Ali, and J.-P. Seifert, "Model-Based Behavioral Attestation," Proc. 13th ACM Symp. Access Control Models and Technologies (SACMAT '08), 2008.
[20] Trusted Computer System Evaluation Criteria. United States Govt. Dept. of Defense (DOD), Profile Books, 1985.
[21] A.P. Anderson, "Computer Security Technology Planning Study," Technical Report ESD-TR-73-51, vol. II, 1972.
[22] S. Smalley, "Configuring the Selinux Policy," http://www.nsa. gov/SELinuxdocs.html, 2003.
[23] "LIM Patch," http://lkml.org/lkml/2008/627, 2011.
[24] N. Provos, M. Friedl, and P. Honeyman, "Preventing Privilege Escalation," Proc. 12th Conf. USENIX Security Symp. (SSYM '03), p. 11, Aug. 2003.
[25] M. Green, "Toward a Perceptual Science of Multidimensional Data Visualization: Bertin and Beyond," http://www.ergogero. com/datavizdviz2.html , 1998.
[26] S. Brin and L. Page, "The Anatomy of a Large-Scale Hypertextual Web Search Engine," Computer Networks and ISDN Systems, vol. 30, nos. 1-7, pp. 107-117, 1998.
[27] W. Xu, X. Zhang, and G.-J. Ahn, "Towards System Integrity Protection with Graph-Based Policy Analysis," Proc. 23rd Ann. IFIP WG 11.3 Working Conf. Data and Applications Security, 2009.
[28] "Piccolo ToolKit," http://www.cs.umd.edu/hciljazz/. 2011.

Index Terms:

Remote attestation, platform integrity, security policy, policy analysis.

Citation:

Wenjuan Xu, Xinwen Zhang, Hongxin Hu, Gail-Joon Ahn, Jean-Pierre Seifert, "Remote Attestation with Domain-Based Integrity Model and Policy Analysis," IEEE Transactions on Dependable and Secure Computing, vol. 9, no. 3, pp. 429-442, May-June 2012, doi:10.1109/TDSC.2011.61

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.