Institutional Repository
| a drtm-based method for trusted network connection | |
| Feng Wei; Qin Yu; Yu Ai-Min; Feng Dengguo | |
| 2011 | |
| Conference Name | 10th IEEE Int. Conf. on Trust, Security and Privacy in Computing and Communications, TrustCom 2011, 8th IEEE Int. Conf. on Embedded Software and Systems, ICESS 2011, 6th Int. Conf. on Frontier of Computer Science and Technology, FCST 2011 |
| Source | Proc. 10th IEEE Int. Conf. on Trust, Security and Privacy in Computing and Communications, TrustCom 2011, 8th IEEE Int. Conf. on Embedded Software and Systems, ICESS 2011, 6th Int. Conf. on FCST 2011 |
| Pages | 425-435 |
| Conference Date | November 1 |
| Conference Place | Changsha, China |
| Indexed Type | EI |
| ISBN | 9780769546001 |
| Department | (1) State Key Laboratory of Information Security Institute of Software Chinese Academy of Sciences Beijing 100190 China |
| English Abstract | Trusted Network Connection (TNC for short) can prevent insecure terminal from accessing protected network and thus strengthen the security of network. Existing TNC solutions face a serious problem called lying endpoint problem (LEP for short). If an attacker modifies the terminal agent software which is responsible for collecting the integrity state of an endpoint platform, Trusted Network Connection will lose its meanings. Trusted Computing Group (TCG) adds the functionality of trusted computing to prevent lying endpoint problem, but TCG's TNC relies on the traditional Static Root of Trust for Measurement (SRTM) which has too big TCB (Trusted Computing Base) and has been proved unsafe. In this paper, we design and implement an improved TNC scheme with high reliability and scalability based on trusted integrity status of terminal. While focusing on LEP problem under the context of Network Access Control (NAC), we leverage Dynamic Root of Trust for Measurement (DRTM) technology to realize desired security requirements such as smaller TCB. We also use the Logic of Secure Systems (LS2) to prove the security properties of our improved TNC system. Our experimental evaluation demonstrates that our method is feasible. © 2011 IEEE.; Trusted Network Connection (TNC for short) can prevent insecure terminal from accessing protected network and thus strengthen the security of network. Existing TNC solutions face a serious problem called lying endpoint problem (LEP for short). If an attacker modifies the terminal agent software which is responsible for collecting the integrity state of an endpoint platform, Trusted Network Connection will lose its meanings. Trusted Computing Group (TCG) adds the functionality of trusted computing to prevent lying endpoint problem, but TCG's TNC relies on the traditional Static Root of Trust for Measurement (SRTM) which has too big TCB (Trusted Computing Base) and has been proved unsafe. In this paper, we design and implement an improved TNC scheme with high reliability and scalability based on trusted integrity status of terminal. While focusing on LEP problem under the context of Network Access Control (NAC), we leverage Dynamic Root of Trust for Measurement (DRTM) technology to realize desired security requirements such as smaller TCB. We also use the Logic of Secure Systems (LS2) to prove the security properties of our improved TNC system. Our experimental evaluation demonstrates that our method is feasible. © 2011 IEEE. |
| Keyword | Access Control Computer Privacy Software Agents Software Reliability |
| Sponsorship | IEEE TCSC; Central South University; National Natural Science Foundation of China (NSFC); StFX University; Zhejiang University |
| Language | 英语 |
| Content Type | 会议论文 |
| URI | http://ir.iscas.ac.cn/handle/311060/16252 |
| Collection | 中国科学院软件研究所 |
| Recommended Citation GB/T 7714 | Feng Wei,Qin Yu,Yu Ai-Min,et al. a drtm-based method for trusted network connection[C],2011:425-435. |
| Files in This Item: | There are no files associated with this item. | |||||
Items in the repository are protected by copyright, with all rights reserved, unless otherwise indicated.
Edit Comment