Issue No. 03 - May/June (2012 vol. 9)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TDSC.2011.61
Wenjuan Xu , Frostburg State University, Frostburg
Xinwen Zhang , Huawei Research Center, Santa Clara
Hongxin Hu , Arizona State University, Tempe
Gail-Joon Ahn , Arizona State University, Tempe
Jean-Pierre Seifert , Technical University of Berlin, Berlin
We propose and implement an innovative remote attestation framework called DR@FT for efficiently measuring a target system based on an information flow-based integrity model. With this model, the high integrity processes of a system are first measured and verified, and these processes are then protected from accesses initiated by low integrity processes. Toward dynamic systems with frequently changed system states, our framework verifies the latest state changes of a target system instead of considering the entire system information. Our attestation evaluation adopts a graph-based method to represent integrity violations, and the graph-based policy analysis is further augmented with a ranked violation graph to support high semantic reasoning of attestation results. As a result, DR@FT provides efficient and effective attestation of a system's integrity status, and offers intuitive reasoning of attestation results for security administrators. Our experimental results demonstrate the feasibility and practicality of DR@FT.
Remote attestation, platform integrity, security policy, policy analysis.
J. Seifert, H. Hu, G. Ahn, X. Zhang and W. Xu, "Remote Attestation with Domain-Based Integrity Model and Policy Analysis," in IEEE Transactions on Dependable and Secure Computing, vol. 9, no. , pp. 429-442, 2011.