TY - GEN
T1 - Policy-based implicit attestation for microkernel-based virtualized systems
AU - Wagner, Steffen
AU - Eckert, Claudia
N1 - Publisher Copyright:
© Springer International Publishing Switzerland 2016.
PY - 2016
Y1 - 2016
N2 - We present an attestation mechanism that enables a remote verifier to implicitly evaluate the trustworthiness of the prover’s system through policies. Those policies are verified and enforced by a TPM 2.0 when the attestor interacts with a virtualized hardware component of the prover’s system. For instance, when the verifier reads a virtualized sensor device and requests integrity-protected sensor data, such as the average temperature, a heartbeat value, or an anomaly detection score, the prover’s TPM, which acts as a trust anchor, checks and enforces the policies specified by the verifier. The prover, in turn, is also able to define policies, which can limit access to certain hardware components and are also enforced by the TPM. As a result, both parties have to cooperate for a successful attestation, which implicitly creates verifiable proof of the prover’s trustworthiness using mainly symmetric instead of expensive asymmetric cryptographic operations like digital signatures.
KW - Data integrity
KW - Microkernel
KW - Policy
KW - Remote attestation
KW - Trusted platform module
UR - http://www.scopus.com/inward/record.url?scp=84988366415&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-45871-7_19
DO - 10.1007/978-3-319-45871-7_19
M3 - Conference contribution
AN - SCOPUS:84988366415
SN - 9783319458700
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 305
EP - 322
BT - Information Security - 19th International Conference, ISC 2016, Proceedings
A2 - Bishop, Matt
A2 - Nascimento, Anderson C.A.
PB - Springer Verlag
T2 - 19th Annual International Conference on Information Security, ISC 2016
Y2 - 3 September 2016 through 6 September 2016
ER -