| a drtm-based method for trusted network connection | |
| Feng Wei; Qin Yu; Yu Ai-Min; Feng Dengguo | |
| 2011 | |
| 会议名称 | 10th IEEE Int. Conf. on Trust, Security and Privacy in Computing and Communications, TrustCom 2011, 8th IEEE Int. Conf. on Embedded Software and Systems, ICESS 2011, 6th Int. Conf. on Frontier of Computer Science and Technology, FCST 2011 |
| 会议录名称 | Proc. 10th IEEE Int. Conf. on Trust, Security and Privacy in Computing and Communications, TrustCom 2011, 8th IEEE Int. Conf. on Embedded Software and Systems, ICESS 2011, 6th Int. Conf. on FCST 2011 |
| 页码 | 425-435 |
| 会议日期 | November 1 |
| 会议地点 | Changsha, China |
| 收录类别 | EI |
| ISBN | 9780769546001 |
| 部门归属 | (1) State Key Laboratory of Information Security Institute of Software Chinese Academy of Sciences Beijing 100190 China |
| 摘要 | Trusted Network Connection (TNC for short) can prevent insecure terminal from accessing protected network and thus strengthen the security of network. Existing TNC solutions face a serious problem called lying endpoint problem (LEP for short). If an attacker modifies the terminal agent software which is responsible for collecting the integrity state of an endpoint platform, Trusted Network Connection will lose its meanings. Trusted Computing Group (TCG) adds the functionality of trusted computing to prevent lying endpoint problem, but TCG's TNC relies on the traditional Static Root of Trust for Measurement (SRTM) which has too big TCB (Trusted Computing Base) and has been proved unsafe. In this paper, we design and implement an improved TNC scheme with high reliability and scalability based on trusted integrity status of terminal. While focusing on LEP problem under the context of Network Access Control (NAC), we leverage Dynamic Root of Trust for Measurement (DRTM) technology to realize desired security requirements such as smaller TCB. We also use the Logic of Secure Systems (LS2) to prove the security properties of our improved TNC system. Our experimental evaluation demonstrates that our method is feasible. © 2011 IEEE.; Trusted Network Connection (TNC for short) can prevent insecure terminal from accessing protected network and thus strengthen the security of network. Existing TNC solutions face a serious problem called lying endpoint problem (LEP for short). If an attacker modifies the terminal agent software which is responsible for collecting the integrity state of an endpoint platform, Trusted Network Connection will lose its meanings. Trusted Computing Group (TCG) adds the functionality of trusted computing to prevent lying endpoint problem, but TCG's TNC relies on the traditional Static Root of Trust for Measurement (SRTM) which has too big TCB (Trusted Computing Base) and has been proved unsafe. In this paper, we design and implement an improved TNC scheme with high reliability and scalability based on trusted integrity status of terminal. While focusing on LEP problem under the context of Network Access Control (NAC), we leverage Dynamic Root of Trust for Measurement (DRTM) technology to realize desired security requirements such as smaller TCB. We also use the Logic of Secure Systems (LS2) to prove the security properties of our improved TNC system. Our experimental evaluation demonstrates that our method is feasible. © 2011 IEEE. |
| 关键词 | Access Control Computer Privacy Software Agents Software Reliability |
| 主办者 | IEEE TCSC; Central South University; National Natural Science Foundation of China (NSFC); StFX University; Zhejiang University |
| 语种 | 英语 |
| 内容类型 | 会议论文 |
| URI标识 | http://ir.iscas.ac.cn/handle/311060/16252 |
| 专题 | 中国科学院软件研究所 |
| 推荐引用方式 GB/T 7714 | Feng Wei,Qin Yu,Yu Ai-Min,et al. a drtm-based method for trusted network connection[C],2011:425-435. |
| 条目包含的文件 | 条目无相关文件。 | |||||
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。
修改评论