Client-side access control enforcement using trusted computing and PEI models

Journal of High Speed Networks

Volumn 15, Issue 3, 2006, Pages 229-245

  Sandhu, Ravi ^a,b,e   Zhang, Xinwen ^a   Ranganathan, Kumar ^c   Covington, Michael J ^d  

^a GEORGE MASON UNIVERSITY   (United States)

^b TriCipher Inc   (United States)

^c INTEL TECHNOLOGY INDIA PVT LTD   (India)

^d INTEL CORPORATION   (United States)

^e George Mason University   (United States)

Author keywords

Access control; Client side security enforcement; PEI models; Security framework; Trusted computing

Indexed keywords

ACCESS CONTROL; CLIENT-SIDE SECURITY ENFORCEMENT; PEI MODELS; SECURITY FRAMEWORK; TRUSTED COMPUTING;

COMPUTER HARDWARE; DISTRIBUTED COMPUTER SYSTEMS; FUNCTIONS; MATHEMATICAL MODELS; PUBLIC POLICY; SECURITY OF DATA;

CONTROL SYSTEMS;

EID: 33747846186     PISSN: 09266801     EISSN: None     Source Type: Journal    
DOI: None     Document Type: Article

References (30)

1. Eros: The extremely reliable operating system, http://www.eros-os.org/ eros.html.
2. Skype, http://www.skype.com.
3. TCG Specification Architecture Overview, http://www. trustedcomputinggroup.org.
4. Trusted platform module (TPM) security policy, http://www. trustedcomputinggroup.org.
5. TrustedBSD: Adding trusted operating system features to FreeBSD, in: Proceedings of the FREENIX Track: USENIX Annual Technical Conference, Boston, MA, USA, 2001, pp. 15-28.
6. AMD platform for trustworthy computing, Microsoft WinHEC, http://www.microsoft.com/whdc/winhec/pres03.mspx, 2003.
7. Symantec Internet security threat report, Trends for July 1, 2003-December 31, 2003.
8. TCG Software Stack (TSS) Specification Version 1.10, https://www. trustedcomputinggroup.org, 2003.
9. TCPA resources, IBM Watson Research, http://www.research.ibm.com/gsal/ tcpa, 2003.
10. TPM Main Part 1 Design Principles Specification Version 1.2, https://www.trustedcomputinggroup.org, 2003.
11. Trusted Mobile Platform, Software Architecture Description, http://www.trusted-mobile.org/, 2004.
12. B. Balacheff, L. Chen, S. Pearson, D. Plaquin and G. Proudler, Trusted Computing Platforms: TCPA Technology in Context, Prentice Hall PTR, 2003.
13. D.E. Bell and L.J. LaPadula, Secure computer systems: Unified exposition and Multics interpretation, Technical Report ESD-TR-75-306, The Mitre Corporation, Bedford, MA, March 1975.
14. E. Brickell, J. Camenisch and L. Chen, Direct anonymous attestation, in: Proceedings of ACM Conference on Computer and Communication Security, Washington, DC, USA, 2004, pp. 132-145.
15. Department of Defense National Computer Security Center, Department of Defense Trusted Computer Systems Evaluation Criteria, December 1985, DoD 5200.28-STD.
16. Department of Defense National Computer Security Center, Trusted Database Interpretation of the Trusted Computer Systems Evaluation Criteria, April 1991, NCSC-TG-021.
17. V. Haldar, D. Chandra and M. Franz, Semantic remote attestation - a virtual machine directed approach to trusted computing, in: Proceedings of the Third virtual Machine Research and Technology Symposium, San Jose, CA, USA, 2004, USENIX, pp. 29-41.
18. B. Lampson, Computer security in the real world, IEEE Computer (6) (2004), 37-46.
19. R. Levin, E. Cohen, W. Corwin, F. Pollack and W. Wulf, Policy/mechanism separation in Hydra, in: 5th ACM Symposium on Operating Systems Principles, 1975, pp. 132-140.
20. H. Levy, Capability-based computer systems, Digital Press, 1984, Available at http://www.cs.washington.edu/homes/levy/capabook/index.html.
21. P. Loscocco and S. Smalley, Integrating flexible support for security policies into the Linux operating system, in: Proceedings of USENIX Annual Technical Conference, 2001, pp. 29-42.
22. abc usage control model, ACM Transactions on Information and Systems Security 7(1) (2004), 128-174.
23. J.S. Park and R. Sandhu, Binding identities and attributes using digitally signed certificates, in: Proceedings Annual Computer Security Applications Conference, New Orleans, LA, USA, 2000, pp. 120-127.
24. A. Sadeghi and C. Stuble, Taming trusted platforms by operating system design, in: Proceedings of the 4th International Workshop for Information Security Applications, LNCS 2908, Berlin, Germany, 2003, pp. 286-302.
25. A. Sadeghi and C. Stuble, Property-based attestation for computing platforms: Caring about properties, not mechanisms, in: Proceedings of New Security Paradigms Workshop, NS, Canada, 2004, pp. 67-77.
26. R. Sailer, T. Jaeger, X. Zhang and L. van Doom, Attestation-based policy enforcement for remote access, in: Proceedings of ACM Conference on Computer and Communication Security, Washington, DC, USA, 2004, pp. 308-317.
27. J.H. Saltzer, Information protection and the control of sharing in the Multics system, Communications of the ACM 17(7) (1974).
28. R. Sandhu, E. Coyne, H. Feinstein and C. Youman, Role based access control models, IEEE Computer 29(2) (1996).
29. R. Sandhu, K. Ranganathan and X. Zhang, Secure information sharing enabled by trusted computing and PEI models, in: Proceedings of ACM Symposium on Information, Computer, and Communication Security, Taipei, Taiwan, 2006.
30. X. Zhang, F. Parisi-Presicce, R. Sandhu and J. Park, Formal model and policy specification of usage control, ACM Transactions on Information and Systems Security 8(4) (2005), 351-387.