Scalable attestation: A step toward secure and trusted clouds

Proceedings - 2015 IEEE International Conference on Cloud Engineering, IC2E 2015

Volumn , Issue , 2015, Pages 185-194

  Berger, Stefan ^a   Goldman, Kenneth ^a   Pendarakis, Dimitrios ^a   Safford, David ^a   Valdez, Enriquillo ^a   Zohar, Mimi ^a  

^a IBM T J WATSON RESEARCH CENTER   (United States)

Author keywords

Attestation; Integrity; Security

Indexed keywords

ATTESTATION; INTEGRITY; INTEGRITY ATTACKS; INTEGRITY PROTECTION; REGULATORY REQUIREMENTS; REMOTE ATTACKS; SCALABLE ATTESTATIONS; SECURITY;

HARDWARE;

EID: 84944314610     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/IC2E.2015.32     Document Type: Conference Paper

References (35)

1. Trusted Computing Group. Virtualized Trusted Platform Architecture Specification. http://www.trustedcomputinggroup.org/resources/-virtualized-trusted-platform-architecture-specification.
2. W. A. Arbaugh, D. J. Farber, and J. M. Smith, "Secure and Reliable Bootstrap Architecture", in IEEE Computer Society Conference on Security and Privacy, 1997.
3. UEFI. (2013, June) UEFI Specification Version 2.4. http://www.uefi.org/specs/download.
4. Trusted Computing Group. (2012) TCG PC Client Specific Implementation Specification for Conventional BIOS. http://www.trustedcomputinggroup.org/resources/pc-client-work-group-specific-implementation-specification-for-conventional-bios-specification-version-12.
5. W. Futral and J. Greene, Intel Trusted Execution Technology for Server Platforms. Apress, 2013.
6. OpenAttestation. OpenAttestation Wiki. https://github.com/OpenAttestation/OpenAttestation/wiki.
7. Trusted Computing Group. (2011, March) TPM Main Specification Level 2. http://www.trustedcomputinggroup.org/resources/tpm main specification. Version 1.2, Revision 116.
8. IMA. Integrity Measurement Architecture. http://sourceforge.net/p/linux-ima/wiki/Home.
9. R. Sailer, X. Zhang, T. Jaeger, and L. Van Doorn, "Design and Implementation of a TCG-based Integrity Measurement Architecture", in Proceedings of the 13th USENIX Security Symposium, August 2004.
10. K. R. Jayaram, D. Safford, U. Sharma, V. Naik, D. Pendarakis, and S. Tao, "Trustworthy geographically fenced hybrid clouds", in Middleware, December 2014.
11. J. Schiffman, H. Vijayakumar, and T. Jaeger, "Verifying System Integrity by Proxy", in 5th International Conference on Trust and Trustworthy Computing, 2012, pp. 179-201.
12. J. Schiffman, T. Moyer, H. Vijayakumar, T. Jaeger, and P. McDaniel, "Seeding clouds with trust anchors", in Proceedings of the 2010 ACM Workshop on Cloud Computing Security Workshop, ser. CCSW'10. New York, NY, USA: ACM, 2010, pp. 43-46. [Online]. Available: http://doi.acm.org/10.1145/1866835.1866843
13. J. Schiffman, T. Moyer, T. Jaeger, and P. McDaniel, "Network-based Root of Trust for Installation", IEEE Security and Privacy, Jan/Feb. 2011.
14. OpenPTS. Open Platform Trust Services. http://openpts.sourceforge.jp.
15. A. Steffan, "The Linux Integrity Subsystem and TPM-based Network Endpoint Assessment", in Linux Security Summit, August 2012.
16. P. Williams and R. Boivie, "CPU Support for Secure Executables", in Trust and Trustworthy Computing: 4th International Conference, TRUST 2011, Pittsburgh, PA, USA, June 22-24, 2011, Proceedings, vol. 6740. Springer, 2011, p. 172.
17. F. McKeen, I. Alexandrovich, A. Berenzon, C. V. Rozas, H. Shafi, V. Shanbhogue, and U. R. Savagaonkar, "Innovative Instructions and Software Model for Isolated Execution", in Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy. ACM, 2013, p. 10.
18. R. B. Lee, P. C. Kwan, J. P. McGregor, J. Dwoskin, and Z. Wang, "Architecture for Protecting Critical Secrets in Microprocessors", in Computer Architecture, 2005. ISCA'05. Proceedings. 32nd International Symposium on. IEEE, 2005, pp. 2-13.
19. M. Zohar. ima: larger digests and extensible template support. http://lwn. net/Articles/571221.
20. NIST. (2012, December) Tusted Geolocation in the Cloud: Proof of Concept Implementation (Draft). http://csrc.nist.gov/publications/drafts/ir7904/draft nistir 7904.pdf.
21. BakerHostetler. 2014 International Compendium of Data Privacy Laws. http://www.bakerlaw.com/files/Uploads/Documents/Data%20Breach%20documents/International-Compendium-of-Data-Privacy-Laws.pdf.
22. QEMU. http://www.qemu.org.
23. E. Reshetova. Bootstrapping the Policies for LSMs for Native and Web Applications. http://kernsec.org/files/LinuxSecuritySummit2012 rpm.pdf.
24. IBM Research. libtpms. https://github.com/stefanberger/libtpms.
25. -. swtpm. https://github.com/stefanberger/swtpm.
26. J. Edge. Character devices in user space. http://lwn.net/Articles/308445/.
27. Software Stack. http://www.trustedcomputinggroup.org/developers/software stack.
28. K. O'Connor. SeaBIOS. http://www.seabios.org/SeaBIOS.
29. SeaBIOS. http://www.coreboot.org/SeaBIOS.
30. The virtualization API. http://libvirt.org/.
31. Understand the TPM Endorsement Key. http://technet.microsoft.com/en-us/library/cc770443.aspx.
32. Virtual Machine Manager. http://virt-manager.org.
33. Nova. https://wiki.openstack.org/wiki/Nova.
34. M. Zohar. ima: extending secure boot certificate chain of trust. http://lwn. net/Articles/564114.
35. Trusted Computing Group. TCG Physical Presence Interface Specification. http://www.trustedcomputinggroup.org/resources/tcg-physical-presence-interface-specification.