| towards remote attestation of security policies | |
| Qian Zhang; Yeping He; Ce Meng | |
| 2010 | |
| 会议名称 | 2nd International Conference on Networks Security, Wireless Communications and Trusted Computing, NSWCTC 2010 |
| 会议录名称 | NSWCTC 2010 - The 2nd International Conference on Networks Security, Wireless Communications and Trusted Computing |
| 页码 | 475-478 |
| 会议日期 | April 24, |
| 会议地点 | Wuhan, Hubei |
| 出版地 | United States |
| ISBN | 978-0-7695-4011-5 |
| 部门归属 | Inst. of Software, Chinese Acad. of Sci., Beijing, China |
| 摘要 | In the environment which supports access control, the behaviors of an application not only depend on the logic of its code, also depend on the security policy enforced in the system. So, while verifying the trustworthy of a remote application, related security policy should be verified besides the application itself. However, the security policies to restrict different applications are commonly mixed as an aggregation, and the alteration of any statement will influence the final binary file of policy, which makes the integrity measurement in mutability, so it's difficult to verify the integrity of security policies by existing methods which search the measurement in a standard measurement library. For this reason, this paper presents a method for remote attestation of security policy, we firstly divide the security policy into smaller low-coupling modules, and then verify the properties of security policy based on the set of all modules' measurement in the process of remote attestation, thus we can effectively reduce the size of standard measurement library, and this makes remote attestation of security policy more easily in the complex distributed environment. In addition, to validate the feasibility of our method, we design and implement some key parts of remote attestation with the policy of SELinux, then analyze the procedure of building trust chain in it. |
| 关键词 | Selinux Remote Attestation Security Policies Security Of Data |
| 主办者 | Huazhong University of Science and Technology; Wuhan University; Huazhong Normal University; National Technical University of Ukraine; Harbin Institute of Technology |
| 内容类型 | 会议论文 |
| URI标识 | http://ir.iscas.ac.cn/handle/311060/8948 |
| 专题 | 基础软件国家工程研究中心 |
| 推荐引用方式 GB/T 7714 | Qian Zhang,Yeping He,Ce Meng. towards remote attestation of security policies[C]. United States,2010:475-478. |
| 条目包含的文件 | ||||||
| 文件名称/大小 | 文献类型 | 版本类型 | 开放类型 | 使用许可 | ||
| towards remote attes(287KB) | 开放获取 | -- | 请求全文 | |||
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。
修改评论