towards remote attestation of security policies | |
Qian Zhang ; Yeping He ; Ce Meng | |
2010 | |
会议名称 | 2nd International Conference on Networks Security, Wireless Communications and Trusted Computing, NSWCTC 2010 |
会议日期 | April 24, |
会议地点 | Wuhan, Hubei |
关键词 | SELinux remote attestation security policies security of data |
页码 | 475-478 |
英文摘要 | In the environment which supports access control, the behaviors of an application not only depend on the logic of its code, also depend on the security policy enforced in the system. So, while verifying the trustworthy of a remote application, related security policy should be verified besides the application itself. However, the security policies to restrict different applications are commonly mixed as an aggregation, and the alteration of any statement will influence the final binary file of policy, which makes the integrity measurement in mutability, so it's difficult to verify the integrity of security policies by existing methods which search the measurement in a standard measurement library. For this reason, this paper presents a method for remote attestation of security policy, we firstly divide the security policy into smaller low-coupling modules, and then verify the properties of security policy based on the set of all modules' measurement in the process of remote attestation, thus we can effectively reduce the size of standard measurement library, and this makes remote attestation of security policy more easily in the complex distributed environment. In addition, to validate the feasibility of our method, we design and implement some key parts of remote attestation with the policy of SELinux, then analyze the procedure of building trust chain in it. |
会议主办者 | Huazhong University of Science and Technology; Wuhan University; Huazhong Normal University; National Technical University of Ukraine; Harbin Institute of Technology |
会议录 | NSWCTC 2010 - The 2nd International Conference on Networks Security, Wireless Communications and Trusted Computing
![]() |
会议录出版地 | United States |
ISBN号 | 978-0-7695-4011-5 |
内容类型 | 会议论文 |
源URL | [http://124.16.136.157/handle/311060/8948] ![]() |
专题 | 软件研究所_基础软件国家工程研究中心_会议论文 |
推荐引用方式 GB/T 7714 | Qian Zhang,Yeping He,Ce Meng. towards remote attestation of security policies[C]. 见:2nd International Conference on Networks Security, Wireless Communications and Trusted Computing, NSWCTC 2010. Wuhan, Hubei. April 24,. |
个性服务 |
查看访问统计 |
相关权益政策 |
暂无数据 |
收藏/分享 |
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。
修改评论