Remote attestation with domain-based integrity model and policy analysis

Wenjuan Xu, Xinwen Zhang, Hongxin Hu, Gail-Joon Ahn, Jean Pierre Seifert

Research output: Contribution to journal (Article)

19 Citations (Scopus)

Abstract

We propose and implement an innovative remote attestation framework called DR@FT for efficiently measuring a target system based on an information flow-based integrity model. With this model, the high-integrity processes of a system are first measured and verified, and these processes are then protected from accesses initiated by low-integrity processes. For dynamic systems with frequently changing system states, our framework verifies the latest state changes of a target system instead of considering the entire system information. Our attestation evaluation adopts a graph-based method to represent integrity violations, and the graph-based policy analysis is further augmented with a ranked violation graph to support high semantic reasoning of attestation results. As a result, DR@FT provides efficient and effective attestation of a system's integrity status, and offers intuitive reasoning of attestation results for security administrators. Our experimental results demonstrate the feasibility and practicality of DR@FT.

Original language: English (US)
Article number: 6104065
Pages (from-to): 429-442
Number of pages: 14
Journal: IEEE Transactions on Dependable and Secure Computing
Volume: 9
Issue number: 3
DOIs: 10.1109/TDSC.2011.61
State: Published - 2012

Fingerprint

Dynamical systems
Information systems
Semantics

Keywords

  • platform integrity
  • policy analysis
  • Remote attestation
  • security policy

ASJC Scopus subject areas

  • Electrical and Electronic Engineering

Cite this

Remote attestation with domain-based integrity model and policy analysis. / Xu, Wenjuan; Zhang, Xinwen; Hu, Hongxin; Ahn, Gail-Joon; Seifert, Jean Pierre.

In: IEEE Transactions on Dependable and Secure Computing, Vol. 9, No. 3, 6104065, 2012, p. 429-442.


Xu, Wenjuan ; Zhang, Xinwen ; Hu, Hongxin ; Ahn, Gail-Joon ; Seifert, Jean Pierre. / Remote attestation with domain-based integrity model and policy analysis. In: IEEE Transactions on Dependable and Secure Computing. 2012 ; Vol. 9, No. 3. pp. 429-442.
@article{c779397839c64639a76c4cc083060368,
title = "Remote attestation with domain-based integrity model and policy analysis",
abstract = "We propose and implement an innovative remote attestation framework called DR@FT for efficiently measuring a target system based on an information flow-based integrity model. With this model, the high integrity processes of a system are first measured and verified, and these processes are then protected from accesses initiated by low integrity processes. Toward dynamic systems with frequently changed system states, our framework verifies the latest state changes of a target system instead of considering the entire system information. Our attestation evaluation adopts a graph-based method to represent integrity violations, and the graph-based policy analysis is further augmented with a ranked violation graph to support high semantic reasoning of attestation results. As a result, DR@FT provides efficient and effective attestation of a system's integrity status, and offers intuitive reasoning of attestation results for security administrators. Our experimental results demonstrate the feasibility and practicality of DR@FT.",
keywords = "platform integrity, policy analysis, Remote attestation, security policy",
author = "Wenjuan Xu and Xinwen Zhang and Hongxin Hu and Gail-Joon Ahn and Seifert, {Jean Pierre}",
year = "2012",
doi = "10.1109/TDSC.2011.61",
language = "English (US)",
volume = "9",
pages = "429--442",
journal = "IEEE Transactions on Dependable and Secure Computing",
issn = "1545-5971",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
number = "3",

}
