2008 Third Asia-Pacific Trusted Infrastructure Technologies Conference: Latest Papers

Trusted Logging for Grid Computing
Pub Date : 2008-10-14 DOI: 10.1109/APTC.2008.9
J. Huh, A. Martin
The rise of many kinds of grid systems, and associated security threats, makes very necessary the provision of trustworthy services for audit and logging. However, existing solutions tend to put little emphasis on the security of logging. We present a number of use cases where the logs have security properties in their own right, and so the logs themselves are highly privileged: hence, these need to be integrity and confidentiality protected while being generated, accessed, reconciled and analysed with distributed services spanning across multiple administrative domains. We derive a common set of secure logging requirements to address the security gaps which exist between these use cases and existing solutions. From the requirements, we propose a novel logging architecture for the grid based on virtual machine (VM) isolation and trusted computing capabilities: a small number of privileged driver VMs trigger all trusted logging requests and forward them to the secure logging service running within the log security manager. The logging service verifies the integrity of the log data and the security configurations of these driver VMs (log generators) before storing the logs.
Citations: 12
Secure Virtual Disk Images for Grid Computing
Pub Date : 2008-10-14 DOI: 10.1109/APTC.2008.17
C. Gebhardt, A. Tomlinson
We present in our paper a secure, flexible and transparent security architecture for virtual disk images. Virtual disk images are often overlooked in security concepts, especially in a grid environment where disk images are considered to be secure as long as they reside within the secured borders of the data center. However, for some applications this level of assurance is not satisfactory. In our security architecture, virtualized guests transparently benefit from integrity as well as confidentiality assurance. Traditional virtual disk images lack the ability of an efficient integrity protection mechanism. We base our concepts on trusted computing utilizing the Trusted Platform Module (TPM) to efficiently deliver integrity assurance to virtual disk images. Further, we allow a restrictive rule-set to be imposed by the virtual disk image owner, and we enable the owner to retain control over the virtual disk image throughout its life-cycle.
Citations: 17
Enriched Trusted Platform and its Application on DRM
Pub Date : 2008-10-14 DOI: 10.1109/APTC.2008.10
Yongdong Wu, F. Bao
The TCG (Trusted Computing Group) is an industry working group which aims to establish industry standards for trust and security in computing platforms. This paper enriches the TCG architecture by adding a SPM (Secure Process Manager) into the trusted platform as a kernel component for the purpose of process management. To attest a process/software to a remote peer, SPM will attest itself first and then sign the software description for remote verification. In comparison with the direct process attestation method, this indirection method simplifies the attestation significantly in the case of software updating, since the number of SPM versions is much fewer than that of software. Moreover, this paper introduces a DRM (Digital Right Management) scheme over the enriched architecture so as to enforce usage control with the standard resource in the TPM (Trusted Platform Module) chip.
Citations: 1
Is Your Virtual Machine Monitor Secure?
Pub Date : 2008-10-14 DOI: 10.1109/APTC.2008.18
P. Karger
It is widely believed that the use of a virtual machine monitor (VMM) is at least as secure as, if not more secure than, separate systems. In reality, the security of a single system running in a virtual machine can never be as secure as that single system running in its own dedicated physical hardware. If for no other reason, the security of that system in a virtual machine depends on the correct operation of both the operating system and the hypervisor software, while in a dedicated physical computer, it depends only on the correct operation of the operating system. The VMM case always has more opportunity for exploitable security flaws. While many people view virtual machine monitors as something special and different, in reality they are just special-purpose operating systems. The major difference is that the API to a virtual machine monitor is the instruction set of the virtual machine, while the API to an operating system is a set of system calls to manipulate processes, file systems, perform I/O, etc. To the extent that a particular VMM uses paravirtualization, it begins to look more like a classical operating system than a VMM.
Citations: 5
Fine Grained Transaction Log for Data Recovery in Database Systems
Pub Date : 2008-10-14 DOI: 10.1109/APTC.2008.7
Ge Fu, Hong Zhu, Yu-cai Feng, Yi Zhu, Jie Shi, Min Chen, X. Wang
Data recovery for malicious committed transactions after attacks increasingly becomes an important issue. Damage assessment for data recovery requires a transaction log which records data items read or written by all malicious and benign transactions. Unfortunately, conventional undo/redo log could not record read operations for transactions; and existing auditing mechanisms in DBMS could not capture operations for data items. In this paper, we introduce a concept of "extended read operations" and illustrate how the extended read operations would cause the damage spreading, and then a fine grained transaction log (FGTL) is proposed. The log records all the data items of the read-only and update-involved operations (read and write) for the committed transactions, and even extracts data items read by the subqueries in the SQL statements. A prototype system denoted FGTL generator is developed to generate the FGTL. Experiments based on TPC-W benchmark show the availability for FGTL generator.
Citations: 4
Secure Mobile Payment via Trusted Computing
Pub Date : 2008-10-14 DOI: 10.1109/APTC.2008.24
Qi Li, Xinwen Zhang, Jean-Pierre Seifert, H. Zhong
Mobile payment (m-payment) received significant attention because it enables an easy payment mechanism and becomes an important complement to traditional payment means. However, m-payment over open devices and networks poses security challenges of a new dimension. Although many researchers address security issues in m-payment, there are still some security problems that are not well resolved, such as platform integrity and user privacy protection. In this paper, we propose a general payment architecture with Trusted Computing (TC) technologies to secure mobile payment. Using only a simple mobile payment infrastructure, a platform integrity protection solution is proposed to secure payment software downloading, application initialization, and secure payment transactions. We further propose two schemes to enhance the performance and flexibility of our solution. The first scheme provides platform attestation using an identity-based signature (IBS) algorithm instead of a traditional credential-based public-key signature algorithm within Trusted Computing Group (TCG) technologies, which fully utilizes the merits of the mobile computing infrastructure and improves the flexibility and performance of the payment solution. The second scheme provides attestation caching without sacrificing security achievements. We have implemented a real prototype system based on an emulated payment environment. Our security analysis and experimental results prove that our scheme can effectively meet the security requirements of a practical m-payment with acceptable performance.
Citations: 13
Mutual Information Based Watermarking Detection in Wavelet Domain for Copyright Protection
Pub Date : 2008-10-14 DOI: 10.1109/APTC.2008.12
Ting Luo, Guanglin Xing, Lei Shi
A new robust watermarking approach is proposed in wavelet domain in this paper. It is robust to both compressive and geometric attacks. The watermark is embedded into the wavelet transform modulus maxima (WTMM) of the host image, which is shift-invariant compared to the other wavelet domain watermarking approaches. On the other hand, scale and rotation invariants are achieved by the geometric normalization during watermark detection. Mutual Information approach is proposed to improve the robustness of watermark detection, which can capture higher order statistics of image than that of the correlation detection. Case studies involving various attacks such as shifting, lossy compression, scaling, rotation and median filtering on the watermark are presented and discussed on their effectiveness.
Citations: 3
A Specification and Verification Method on Component Composition of Real-Time Reactive Systems
Pub Date : 2008-10-14 DOI: 10.1109/APTC.2008.14
Yangli Jia, Zhoujun Li, Xutao Du, Zhenling Zhang
Timed component interface control flow automata (TCICFA) is presented to specify and verify composite real-time components' invocation behavior and timing constraint information. By analyzing TCICFAs, a component reachability graph (CRG) can be constructed based on the constructing algorithm we presented. Each node in CRG is equipped with a state formula which has been computed with the construction of the CRG, and assertions can be made at each node to express safety, real-time liveness and other trustworthiness properties. Then all kinds of nonfunctional trustworthiness properties of composite components in real-time reactive systems (RTRS) can be verified based on the CRG using a SAT solver.
Citations: 0
(How) Can We Manage the Trustworthiness of Security Infrastructures and Services?
Pub Date : 2008-10-14 DOI: 10.1109/APTC.2008.11
Shouhuai Xu
The Internet has become a vital communication infrastructure. However, the same Internet has also become the vehicle for many powerful malicious attacks (e.g., botnets) that could turn it into doing more harm than good. This has led to the development, and sometimes deployment, of various security infrastructures and services (e.g., PKI, DNSSEC and TPM). Unfortunately, it seems inevitable, at least for the many years to come, that malicious attacks would remain successful. Therefore, it has become increasingly more important to be able to understand, model, and ultimately manage the trustworthiness of security infrastructures and services. In this talk the speaker will expose his view towards solving this challenging and important problem. Some initial results and open problems will be discussed as well.
Citations: 2
Research and Development of Trusted Computing in China
Pub Date : 2008-10-14 DOI: 10.1109/APTC.2008.19
Huanguo Zhang
Summary form only given. Through the practice of information security, people have realized that the causation of security mainly comes from microcomputer terminal. To ensure the source security of microcomputer terminal, the solution must synthetically integrate different security technologies including chips, hardware architecture, and operating system, etc., which is the original idea of trusted computing.
Citations: 11