Zhu Hong, Zhu Yi, Lingxi Chenyang, Shi Jie, Fu Ge, Wang Yuanzhen
In order to develop highly secure database systems to meet the requirements for class B2, an extended formal security policy model based on the BLP model is presented in this paper. A method for verifying security model for database systems is proposed. According to this method, the development of a formal specification and verification to ensure the security of the extended model is introduced. During the process of the verification, a number of mistakes have been identified and corrections have been made. Both the specification and verification are developed in Coq proof assistant. Our formal security model was improved and has been verified secure. This work demonstrates that our verification method is effective and sufficient and illustrates the necessity for formal verification of the extended model by using tools.
{"title":"Formal Specification and Verification of an Extended Security Policy Model for Database Systems","authors":"Zhu Hong, Zhu Yi, Lingxi Chenyang, Shi Jie, Fu Ge, Wang Yuanzhen","doi":"10.1109/APTC.2008.22","DOIUrl":"https://doi.org/10.1109/APTC.2008.22","url":null,"abstract":"In order to develop highly secure database systems to meet the requirements for class B2, an extended formal security policy model based on the BLP model is presented in this paper. A method for verifying security model for database systems is proposed. According to this method, the development of a formal specification and verification to ensure the security of the extended model is introduced. During the process of the verification, a number of mistakes have been identified and corrections have been made. Both the specification and verification are developed in Coq proof assistant. Our formal security model was improved and has been verified secure. This work demonstrates that our verification method is effective and sufficient and illustrates the necessity for formal verification of the extended model by using tools.","PeriodicalId":159186,"journal":{"name":"2008 Third Asia-Pacific Trusted Infrastructure Technologies Conference","volume":"32 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132159836","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Huanguo Zhang, Jie Luo, Fei Yan, Mingdi Xu, Fan He, Jing Zhan
Trusted computing is a new generation technology of secure computing environment proposed by trusted computing group (TCG). Although many TC vendors claim that their products are compliant to TCG specifications, itpsilas very difficult to affirm it. Moreover, according to some government regulations on security, TC products shall require the official approval. Thus the testing and evaluation on TC products are necessary. Especially, there is no a prototype with full testing on whole TC products. Aiming at these issues, we proposed a testing prototype to make up for the gap between TCG specifications and product implementations. We introduced the automata theory as test mechanism to achieve TPM specification compliance test, validate chain of trust compliance by analyzing TCG-BIOS, and use reflection mechanism to test each layer of TSS. As a result, our test shows that some popular trusted PCs donpsilat meet the TCG specification includes TPM, TCG-BIOS and TSS.
{"title":"A Practical Solution to Trusted Computing Platform Testing","authors":"Huanguo Zhang, Jie Luo, Fei Yan, Mingdi Xu, Fan He, Jing Zhan","doi":"10.1109/APTC.2008.20","DOIUrl":"https://doi.org/10.1109/APTC.2008.20","url":null,"abstract":"Trusted computing is a new generation technology of secure computing environment proposed by trusted computing group (TCG). Although many TC vendors claim that their products are compliant to TCG specifications, itpsilas very difficult to affirm it. Moreover, according to some government regulations on security, TC products shall require the official approval. Thus the testing and evaluation on TC products are necessary. Especially, there is no a prototype with full testing on whole TC products. Aiming at these issues, we proposed a testing prototype to make up for the gap between TCG specifications and product implementations. We introduced the automata theory as test mechanism to achieve TPM specification compliance test, validate chain of trust compliance by analyzing TCG-BIOS, and use reflection mechanism to test each layer of TSS. As a result, our test shows that some popular trusted PCs donpsilat meet the TCG specification includes TPM, TCG-BIOS and TSS.","PeriodicalId":159186,"journal":{"name":"2008 Third Asia-Pacific Trusted Infrastructure Technologies Conference","volume":"58 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131978438","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
During these years, computer security is in expeditious progressing. With the serious risk of security, the idea of Trusted Computing was introduced to the Information Technology industry. Trusted Computing has to ensure the computing is on the trusted platforms, so the technology of Trusted Computing Platform (TCP) was developed. In the specification of Trusted Computing Group (TCG), Trusted Platform Module (TPM) can be used to ensure that each computer will report its configuration parameters in a trustworthy manner. The cryptographic operations are all taking place in TPM, such as the measurement of Operation System, the encryption process, and the process of personal identification. These kinds of operations need huge computing power. Besides, these operations have to be done in TPM totally under the consideration of security. It is obviously a TPM chip should offer sufficient computing power to do these kinds of operations; otherwise the performance of trusted computing would descend seriously. In this paper, a high performance TPM chip J3210 based on SPARC v8 is designed and implemented. This high performance TPM chip J3210 consists of a high performance RISC CPU, a RSA/ECC cryptographic acceleration engine, a hash engine, a symmetric cryptographic acceleration engine, a random number generator and some peripheral interfaces. These internal Intellectual Property (IP) cores are elaborately designed and carefully configured. As a result, it demonstrates a high performance of cryptographic operations.
{"title":"Design and Implementation of the TPM Chip J3210","authors":"Huanguo Zhang, Zhongping Qin, Yang Qi","doi":"10.1109/APTC.2008.8","DOIUrl":"https://doi.org/10.1109/APTC.2008.8","url":null,"abstract":"During these years, computer security is in expeditious progressing. With the serious risk of security, the idea of Trusted Computing was introduced to the Information Technology industry. Trusted Computing has to ensure the computing is on the trusted platforms, so the technology of Trusted Computing Platform (TCP) was developed. In the specification of Trusted Computing Group (TCG), Trusted Platform Module (TPM) can be used to ensure that each computer will report its configuration parameters in a trustworthy manner. The cryptographic operations are all taking place in TPM, such as the measurement of Operation System, the encryption process, and the process of personal identification. These kinds of operations need huge computing power. Besides, these operations have to be done in TPM totally under the consideration of security. It is obviously a TPM chip should offer sufficient computing power to do these kinds of operations; otherwise the performance of trusted computing would descend seriously. In this paper, a high performance TPM chip J3210 based on SPARC v8 is designed and implemented. This high performance TPM chip J3210 consists of a high performance RISC CPU, a RSA/ECC cryptographic acceleration engine, a hash engine, a symmetric cryptographic acceleration engine, a random number generator and some peripheral interfaces. These internal Intellectual Property (IP) cores are elaborately designed and carefully configured. As a result, it demonstrates a high performance of cryptographic operations.","PeriodicalId":159186,"journal":{"name":"2008 Third Asia-Pacific Trusted Infrastructure Technologies Conference","volume":"60 3","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132148814","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Fengzhe Zhang, Yijian Huang, Huihong Wang, Haibo Chen, B. Zang
Live migration of virtual machine (VM) is a desirable feature for distributed computing such as grid computing and recent cloud computing by facilitating fault tolerance, load balance, and hardware maintenance. Virtual machine monitor (VMM) enforced process protection is a newly advocated approach to provide a trustworthy execution environment for processes running on commodity operating systems.While VMM-enforced protection systems extend protection to the processes in the virtual machine (VM), it also breaks the mobility of VMs since a VM is more closely bound to the VMM. Furthermore, several security vulnerabilities exists in migration, especially live migration of such systems that may degrade the protection strength or even break the protection.In this paper, we propose a secure migration system that provides live migration capability to VMs in VMM-enforced process protection systems, while not degrading the protection level. We implemented a prototype system base on Xen and GNU Linux to evaluate the design. The results shows that no serious performance degradation is incurred comparing to Xen live migration system.
{"title":"PALM: Security Preserving VM Live Migration for Systems with VMM-enforced Protection","authors":"Fengzhe Zhang, Yijian Huang, Huihong Wang, Haibo Chen, B. Zang","doi":"10.1109/APTC.2008.15","DOIUrl":"https://doi.org/10.1109/APTC.2008.15","url":null,"abstract":"Live migration of virtual machine (VM) is a desirable feature for distributed computing such as grid computing and recent cloud computing by facilitating fault tolerance, load balance, and hardware maintenance. Virtual machine monitor (VMM) enforced process protection is a newly advocated approach to provide a trustworthy execution environment for processes running on commodity operating systems.While VMM-enforced protection systems extend protection to the processes in the virtual machine (VM), it also breaks the mobility of VMs since a VM is more closely bound to the VMM. Furthermore, several security vulnerabilities exists in migration, especially live migration of such systems that may degrade the protection strength or even break the protection.In this paper, we propose a secure migration system that provides live migration capability to VMs in VMM-enforced process protection systems, while not degrading the protection level. We implemented a prototype system base on Xen and GNU Linux to evaluate the design. The results shows that no serious performance degradation is incurred comparing to Xen live migration system.","PeriodicalId":159186,"journal":{"name":"2008 Third Asia-Pacific Trusted Infrastructure Technologies Conference","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124486348","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
As a multi-tenant service, cloud computing may be compared to container ships and cruise lines, which also provide services to large numbers of independent customers. To be cost-effective, cloud computing needs to be more like container shipping, with standardized containers, optimized costs, and automated assurances of non-interference from other cargo. Trusted infrastructures offer key technology elements that deliver these assurances.
{"title":"Multi-tenant Cloud Computing: From Cruise Liners to Container Ships","authors":"B. Kaliski","doi":"10.1109/APTC.2008.16","DOIUrl":"https://doi.org/10.1109/APTC.2008.16","url":null,"abstract":"As a multi-tenant service, cloud computing may be compared to container ships and cruise lines, which also provide services to large numbers of independent customers. To be cost-effective, cloud computing needs to be more like container shipping, with standardized containers, optimized costs, and automated assurances of non-interference from other cargo. Trusted infrastructures offer key technology elements that deliver these assurances.","PeriodicalId":159186,"journal":{"name":"2008 Third Asia-Pacific Trusted Infrastructure Technologies Conference","volume":"85 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124518977","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Yanjiang Yang, Robert H. Deng, F. Bao, Jianying Zhou
Security enforcement in wireless sensor networks is by no means an easy task, due to the inherent resource-constrained nature of sensor nodes. To facilitate security enforcement, we propose to incorporate more powerful high-end Security Enforcement Facilitators (SEFs) into wireless sensor networks. In particular, the SEFs are equipped with TCG-compliant Trusted Platform Modules (TPMs) to protect cryptographic secrets, perform authenticated booting and attest their platform state to a remote base station. As such, the SEFs act as online trusted third parties to effectively monitor the states of sensor nodes, help in key management, simplify secure routing, and facilitate access control.
{"title":"Using Trusted Computing Technology to Facilitate Security Enforcement in Wireless Sensor Networks","authors":"Yanjiang Yang, Robert H. Deng, F. Bao, Jianying Zhou","doi":"10.1109/APTC.2008.13","DOIUrl":"https://doi.org/10.1109/APTC.2008.13","url":null,"abstract":"Security enforcement in wireless sensor networks is by no means an easy task, due to the inherent resource-constrained nature of sensor nodes. To facilitate security enforcement, we propose to incorporate more powerful high-end Security Enforcement Facilitators (SEFs) into wireless sensor networks. In particular, the SEFs are equipped with TCG-compliant Trusted Platform Modules (TPMs) to protect cryptographic secrets, perform authenticated booting and attest their platform state to a remote base station. As such, the SEFs act as online trusted third parties to effectively monitor the states of sensor nodes, help in key management, simplify secure routing, and facilitate access control.","PeriodicalId":159186,"journal":{"name":"2008 Third Asia-Pacific Trusted Infrastructure Technologies Conference","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122680502","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
We developed 1CD Linux which shows the benefit of trusted computing. It includes Trusted Boot and Platform Trust Services, which use a secure chip "TPM" and are hardware rooted trust. The integrity of platform and vulnerability of packages are verified by the remote attestation. The 1CD Linux includes Union File System, which keeps the keys of TPM and the updated applications for next boot time. User can customize the OS and verify the vulnerability. We also offer the virtual machine "Xen-HVM" which supportsa virtual TPM. The virtual machine does not depend on a physical TPM and makes possible to try the feasibility of trusted computing on many PCs. The ready-to-use environment makes easy to understand the trusted computing and increases the awareness.
{"title":"Trusted Boot and Platform Trust Services on 1CD Linux","authors":"K. Suzaki, K. Iijima, T. Yagi, Nguyen Anh Quynh","doi":"10.1109/APTC.2008.23","DOIUrl":"https://doi.org/10.1109/APTC.2008.23","url":null,"abstract":"We developed 1CD Linux which shows the benefit of trusted computing. It includes Trusted Boot and Platform Trust Services, which use a secure chip \"TPM\" and are hardware rooted trust. The integrity of platform and vulnerability of packages are verified by the remote attestation. The 1CD Linux includes Union File System, which keeps the keys of TPM and the updated applications for next boot time. User can customize the OS and verify the vulnerability. We also offer the virtual machine \"Xen-HVM\" which supportsa virtual TPM. The virtual machine does not depend on a physical TPM and makes possible to try the feasibility of trusted computing on many PCs. The ready-to-use environment makes easy to understand the trusted computing and increases the awareness.","PeriodicalId":159186,"journal":{"name":"2008 Third Asia-Pacific Trusted Infrastructure Technologies Conference","volume":"33 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124010304","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This paper proposes solutions for the trusted connection between mobile nodes and mobility anchor points in hierarchical mobile IPv6. Two operation modes are supported for different scenarios: The first one is authentication-only mode for the scenario that the mobility anchor point only needs to ensure any binding update messages are from the claimed mobile nodes. The second one is authentication and authorization mode for the scenario that the mobility anchor point and mobile node need to authenticate each other and the mobility anchor point also needs to know if the mobile node is authorized for using it.
{"title":"Trusted Connection between Mobile Nodes and Mobility Anchor Points in Hierarchical Mobile IPv6","authors":"Y. Qiu, Jianying Zhou, K. Sakurai, F. Bao","doi":"10.1109/APTC.2008.21","DOIUrl":"https://doi.org/10.1109/APTC.2008.21","url":null,"abstract":"This paper proposes solutions for the trusted connection between mobile nodes and mobility anchor points in hierarchical mobile IPv6. Two operation modes are supported for different scenarios: The first one is authentication-only mode for the scenario that the mobility anchor point only needs to ensure any binding update messages are from the claimed mobile nodes. The second one is authentication and authorization mode for the scenario that the mobility anchor point and mobile node need to authenticate each other and the mobility anchor point also needs to know if the mobile node is authorized for using it.","PeriodicalId":159186,"journal":{"name":"2008 Third Asia-Pacific Trusted Infrastructure Technologies Conference","volume":"214 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123297103","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: