Institutional Repository
| towards remote attestation of security policies | |
| Qian Zhang; Yeping He; Ce Meng | |
| 2010 | |
| Conference Name | 2nd International Conference on Networks Security, Wireless Communications and Trusted Computing, NSWCTC 2010 |
| Source | NSWCTC 2010 - The 2nd International Conference on Networks Security, Wireless Communications and Trusted Computing |
| Pages | 475-478 |
| Conference Date | April 24, |
| Conference Place | Wuhan, Hubei |
| Publish Place | United States |
| ISBN | 978-0-7695-4011-5 |
| Department | Inst. of Software, Chinese Acad. of Sci., Beijing, China |
| English Abstract | In the environment which supports access control, the behaviors of an application not only depend on the logic of its code, also depend on the security policy enforced in the system. So, while verifying the trustworthy of a remote application, related security policy should be verified besides the application itself. However, the security policies to restrict different applications are commonly mixed as an aggregation, and the alteration of any statement will influence the final binary file of policy, which makes the integrity measurement in mutability, so it's difficult to verify the integrity of security policies by existing methods which search the measurement in a standard measurement library. For this reason, this paper presents a method for remote attestation of security policy, we firstly divide the security policy into smaller low-coupling modules, and then verify the properties of security policy based on the set of all modules' measurement in the process of remote attestation, thus we can effectively reduce the size of standard measurement library, and this makes remote attestation of security policy more easily in the complex distributed environment. In addition, to validate the feasibility of our method, we design and implement some key parts of remote attestation with the policy of SELinux, then analyze the procedure of building trust chain in it. |
| Keyword | Selinux Remote Attestation Security Policies Security Of Data |
| Sponsorship | Huazhong University of Science and Technology; Wuhan University; Huazhong Normal University; National Technical University of Ukraine; Harbin Institute of Technology |
| Content Type | 会议论文 |
| URI | http://ir.iscas.ac.cn/handle/311060/8948 |
| Collection | 基础软件国家工程研究中心 |
| Recommended Citation GB/T 7714 | Qian Zhang,Yeping He,Ce Meng. towards remote attestation of security policies[C]. United States,2010:475-478. |
| Files in This Item: | ||||||
| File Name/Size | DocType | Version | Access | License | ||
| towards remote attes(287KB) | 开放获取 | -- | Application Full Text | |||
Items in the repository are protected by copyright, with all rights reserved, unless otherwise indicated.
Edit Comment