Remote attestation with domain-based integrity model and policy analysis

Wenjuan Xu; Xinwen Zhang; Hongxin Hu; Gail-Joon Ahn; Jean Pierre Seifert

doi:10.1109/TDSC.2011.61

Remote attestation with domain-based integrity model and policy analysis

Wenjuan Xu, Xinwen Zhang, Hongxin Hu, Gail-Joon Ahn, Jean Pierre Seifert

Research output: Contribution to journal › Article › peer-review

27 Scopus citations

Abstract

We propose and implement an innovative remote attestation framework called DR@FT for efficiently measuring a target system based on an information flow-based integrity model. With this model, the high integrity processes of a system are first measured and verified, and these processes are then protected from accesses initiated by low integrity processes. Toward dynamic systems with frequently changed system states, our framework verifies the latest state changes of a target system instead of considering the entire system information. Our attestation evaluation adopts a graph-based method to represent integrity violations, and the graph-based policy analysis is further augmented with a ranked violation graph to support high semantic reasoning of attestation results. As a result, DR@FT provides efficient and effective attestation of a system's integrity status, and offers intuitive reasoning of attestation results for security administrators. Our experimental results demonstrate the feasibility and practicality of DR@FT.

Original language	English (US)
Article number	6104065
Pages (from-to)	429-442
Number of pages	14
Journal	IEEE Transactions on Dependable and Secure Computing
Volume	9
Issue number	3
DOIs	https://doi.org/10.1109/TDSC.2011.61
State	Published - 2012

Keywords

Remote attestation
platform integrity
policy analysis
security policy

ASJC Scopus subject areas

Electrical and Electronic Engineering

Access to Document

10.1109/TDSC.2011.61

Cite this

@article{c779397839c64639a76c4cc083060368,

title = "Remote attestation with domain-based integrity model and policy analysis",

abstract = "We propose and implement an innovative remote attestation framework called DR@FT for efficiently measuring a target system based on an information flow-based integrity model. With this model, the high integrity processes of a system are first measured and verified, and these processes are then protected from accesses initiated by low integrity processes. Toward dynamic systems with frequently changed system states, our framework verifies the latest state changes of a target system instead of considering the entire system information. Our attestation evaluation adopts a graph-based method to represent integrity violations, and the graph-based policy analysis is further augmented with a ranked violation graph to support high semantic reasoning of attestation results. As a result, DR@FT provides efficient and effective attestation of a system's integrity status, and offers intuitive reasoning of attestation results for security administrators. Our experimental results demonstrate the feasibility and practicality of DR@FT.",

keywords = "Remote attestation, platform integrity, policy analysis, security policy",

author = "Wenjuan Xu and Xinwen Zhang and Hongxin Hu and Gail-Joon Ahn and Seifert, {Jean Pierre}",

note = "Funding Information: The work of Gail-Joon Ahn and Hongxin Hu was partially supported by the grants from the US National Science Foundation (NSF-IIS-0900970 and NSF-CNS-0831360) and the US Department of Energy (DE-SC0004308). The work of Gail-Joon Ahn and Wenjuan Xu was also partially supported by the grants from the US National Science Foundation (NSF-IIS-0242393) and the US Department of Energy Early Career Principal Investigator Award (DE-FG02-03ER25565).",

year = "2012",

doi = "10.1109/TDSC.2011.61",

language = "English (US)",

volume = "9",

pages = "429--442",

journal = "IEEE Transactions on Dependable and Secure Computing",

issn = "1545-5971",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "3",

}

TY - JOUR

T1 - Remote attestation with domain-based integrity model and policy analysis

AU - Xu, Wenjuan

AU - Zhang, Xinwen

AU - Hu, Hongxin

AU - Ahn, Gail-Joon

AU - Seifert, Jean Pierre

N1 - Funding Information: The work of Gail-Joon Ahn and Hongxin Hu was partially supported by the grants from the US National Science Foundation (NSF-IIS-0900970 and NSF-CNS-0831360) and the US Department of Energy (DE-SC0004308). The work of Gail-Joon Ahn and Wenjuan Xu was also partially supported by the grants from the US National Science Foundation (NSF-IIS-0242393) and the US Department of Energy Early Career Principal Investigator Award (DE-FG02-03ER25565).

PY - 2012

Y1 - 2012

N2 - We propose and implement an innovative remote attestation framework called DR@FT for efficiently measuring a target system based on an information flow-based integrity model. With this model, the high integrity processes of a system are first measured and verified, and these processes are then protected from accesses initiated by low integrity processes. Toward dynamic systems with frequently changed system states, our framework verifies the latest state changes of a target system instead of considering the entire system information. Our attestation evaluation adopts a graph-based method to represent integrity violations, and the graph-based policy analysis is further augmented with a ranked violation graph to support high semantic reasoning of attestation results. As a result, DR@FT provides efficient and effective attestation of a system's integrity status, and offers intuitive reasoning of attestation results for security administrators. Our experimental results demonstrate the feasibility and practicality of DR@FT.

AB - We propose and implement an innovative remote attestation framework called DR@FT for efficiently measuring a target system based on an information flow-based integrity model. With this model, the high integrity processes of a system are first measured and verified, and these processes are then protected from accesses initiated by low integrity processes. Toward dynamic systems with frequently changed system states, our framework verifies the latest state changes of a target system instead of considering the entire system information. Our attestation evaluation adopts a graph-based method to represent integrity violations, and the graph-based policy analysis is further augmented with a ranked violation graph to support high semantic reasoning of attestation results. As a result, DR@FT provides efficient and effective attestation of a system's integrity status, and offers intuitive reasoning of attestation results for security administrators. Our experimental results demonstrate the feasibility and practicality of DR@FT.

KW - Remote attestation

KW - platform integrity

KW - policy analysis

KW - security policy

UR - http://www.scopus.com/inward/record.url?scp=84863378022&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84863378022&partnerID=8YFLogxK

U2 - 10.1109/TDSC.2011.61

DO - 10.1109/TDSC.2011.61

M3 - Article

AN - SCOPUS:84863378022

SN - 1545-5971

VL - 9

SP - 429

EP - 442

JO - IEEE Transactions on Dependable and Secure Computing

JF - IEEE Transactions on Dependable and Secure Computing

IS - 3

M1 - 6104065

ER -

Remote attestation with domain-based integrity model and policy analysis

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this