Trusted Platform Modules 2015

 

 
SoS Logo

Trusted Platform Modules 2015

 

A Trusted Platform Module (TPM) is a computer chip that can securely store artifacts used to authenticate a network or platform. These artifacts can include passwords, certificates, or encryption keys. A TPM can also be used to store platform measurements that help ensure the platform remains trustworthy. Interest in TPMs is growing due to their potential for solving hard problems in security such as composability and cyber-physical system security, and resilience. The works cited here were published in 2015.




Jaewon Yang, Xiuwen Liu, Shamik Bose; “Preventing Cyber-Induced Irreversible Physical Damage to Cyber-Physical Systems,” CISR ’15 Proceedings of the 10th Annual Cyber and Information Security Research Conference, April 2015, Article

No. 8. doi:10.1145/2746266.2746274

Abstract: Ever since the discovery of the Stuxnet malware, there have been widespread concerns about disasters via cyber-induced physical damage on critical infrastructures. Cyber physical systems (CPS) integrate computation and physical processes; such infrastructure systems are examples of cyber-physical systems, where computation and physical processes are integrated to optimize resource usage and system performance. The inherent security weaknesses of computerized systems and increased connectivity could allow attackers to alter the systems’ behavior and cause irreversible physical damage, or even worse cyber-induced disasters. However, existing security measures were mostly developed for cyber-only systems and they cannot be effectively applied to CPS directly. Thus, new approaches to preventing cyber physical system disasters are essential. We recognize very different characteristics of cyber and physical components in CPS, where cyber components are flexible with large attack surfaces while physical components are inflexible and relatively simple with very small attack surfaces. This research focuses on the components where cyber and physical components interact. Securing cyber-physical interfaces will complete a layer-based defense strategy in the “Defense in Depth Framework”. In this paper we propose Trusted Security Modules as a systematic solution to provide a guarantee of preventing cyber-induced physical damage even when operating systems and controllers are compromised. TSMs will be placed at the interface between cyber and physical components by adapting the existing integrity enforcing mechanisms such as Trusted Platform Module, Control-Flow Integrity, and Data-Flow Integrity.

Keywords: Cyber-induced physical damage, Trusted Security Module (ID#: 15-7630)

URL: http://doi.acm.org/10.1145/2746266.2746274



Tobias Rauter, Andrea Höller, Nermin Kajtazovic, Christian Kreiner; “Privilege-Based Remote Attestation: Towards Integrity Assurance for Lightweight Clients,” IoTPTS ’15 Proceedings of the 1st ACM Workshop on IoT Privacy, Trust, and Security, April 2015, Pages 3–9. doi:10.1145/2732209.2732211

Abstract: Remote attestation is used to assure the integrity of a trusted platform (prover) to a remote party (challenger). Traditionally, plain binary attestation (i.e., attesting the integrity of software by measuring their binaries) is the method of choice. Especially in the resource-constrained embedded domain with the ever-growing number of integrated services per platform, this approach is not feasible since the challenger has to know all possible ‘good’ configurations of the prover. In this work, a new approach based on software privileges is presented. It reduces the number of possible configurations the challenger has to know by ignoring all services on the prover that are not used by the challenger. For the ignored services, the challenger ensures that they do not have the privileges to manipulate the used services. To achieve this, the prover measures the privileges of its software modules by parsing their binaries for particular system API calls. The results show significant reduction of need-to-know configurations. The implementation of the central system parts show its practicability, especially if combined with a fine-grained system API.

Keywords: embedded systems, privilege classification, remote attestation, trusted computing (ID#: 15-7631)

URL: http://doi.acm.org/10.1145/2732209.2732211



Jianbao Ren, Yong Qi, Yuehua Dai, Xiaoguang Wang, Yi Shi; “AppSec: A Safe Execution Environment for Security Sensitive Applications,” VEE ’15 Proceedings of the 11th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, March 2015, Pages 187–199. doi:10.1145/2731186.2731199

Abstract: Malicious OS kernel can easily access user’s private data in main memory and pries human-machine interaction data, even one that employs privacy enforcement based on application level or OS level. This paper introduces AppSec, a hypervisor-based safe execution environment, to protect both the memory data and human-machine interaction data of security sensitive applications from the untrusted OS transparently.  AppSec provides several security mechanisms on an untrusted OS. AppSec introduces a safe loader to check the code integrity of application and dynamic shared objects. During runtime, AppSec protects application and dynamic shared objects from being modified and verifies kernel memory accesses according to application’s intention. AppSec provides a devices isolation mechanism to prevent the human-machine interaction devices being accessed by compromised kernel. On top of that, AppSec further provides a privileged-based window system to protect application’s X resources. The major advantages of AppSec are threefold. First, AppSec verifies and protects all dynamic shared objects during runtime. Second, AppSec mediates kernel memory access according to application’s intention but not encrypts all application’s data roughly. Third, AppSec provides a trusted I/O path from end-user to application. A prototype of AppSec is implemented and shows that AppSec is efficient and practical.

Keywords: human-machine interaction, kernel, privacy, vmm (ID#: 15-7632)

URL: http://doi.acm.org/10.1145/2731186.2731199



Jing (Dave) Tian, Kevin R.B. Butler, Patrick D. McDaniel, Padma Krishnaswamy; “Securing ARP from the Ground Up,” CODASPY ’15 Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, March 2015, Pages 305–312. doi:10.1145/2699026.2699123

Abstract: The basis for all IPv4 network communication is the Address Resolution Protocol (ARP), which maps an IP address to a device’s Media Access Control (MAC) identifier. ARP has long been recognized as vulnerable to spoofing and other attacks, and past proposals to secure the protocol have often involved modifying the basic protocol.  This paper introduces arpsec, a secure ARP/RARP protocol suite which a) does not require protocol modification, b) enables continual verification of the identity of the tar- get (respondent) machine by introducing an address binding repository derived using a formal logic that bases additions to a host’s ARP cache on a set of operational rules and properties, c) utilizes the TPM, a commodity component now present in the vast majority of modern computers, to augment the logic-prover-derived assurance when needed, with TPM-facilitated attestations of system state achieved at viably low processing cost. Using commodity TPMs as our attestation base, we show that arpsec incurs an overhead ranging from 7% to 15.4% over the standard Linux ARP implementation and provides a first step towards a formally secure and trustworthy networking stack.

Keywords: arp, logic, spoofing, trusted computing, trusted protocols (ID#: 15-7633)

URL: http://doi.acm.org/10.1145/2699026.2699123



Seongwook Jin, Jinho Seol, Jaehyuk Huh, Seungryoul Maeng; “Hardware-Assisted Secure Resource Accounting Under a Vulnerable Hypervisor,” VEE ’15 Proceedings of the 11th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, March 2015, Pages 201–213.  doi:10.1145/2731186.2731203

Abstract: With the proliferation of cloud computing to outsource computation in remote servers, the accountability of computational resources has emerged as an important new challenge for both cloud users and providers. Among the cloud resources, CPU and memory are difficult to verify their actual allocation, since the current virtualization techniques attempt to hide the discrepancy between physical and virtual allocations for the two resources. This paper proposes an online verifiable resource accounting technique for CPU and memory allocation for cloud computing. Unlike prior approaches for cloud resource accounting, the proposed accounting mechanism, called Hardware-assisted Resource Accounting (HRA), uses the hardware support for system management mode (SMM) and virtualization to provide secure resource accounting, even if the hypervisor is compromised. Using a secure isolated execution support of SMM, this study investigates two aspects of verifiable resource accounting for cloud systems. First, this paper presents how the hardware-assisted SMM and virtualization techniques can be used to implement the secure resource accounting mechanism even under a compromised hypervisor. Second, the paper investigates a sample-based resource accounting technique to minimize performance overheads. Using a statistical random sampling method, the technique estimates the overall CPU and memory allocation status with 99%~100% accuracies and performance degradations of 0.1%~0.5%.

Keywords: cloud, resource accounting, virtualization (ID#: 15-7634)

URL: http://doi.acm.org/10.1145/2731186.2731203



Fernando A. Teixeira, Gustavo V. Machado, Fernando M.Q. Pereira, Hao Chi Wong, José M. S. Nogueira, Leonardo B. Oliveira; “SIoT: Securing the Internet of Things Through Distributed System Analysis,” IPSN ’15 Proceedings of the 14th International Conference on Information Processing in Sensor Networks, April 2015, Pages 310–321. doi:10.1145/2737095.2737097

Abstract: The Internet of Things (IoT) is increasingly more relevant. This growing importance calls for tools able to provide users with correct, reliable and secure systems. In this paper, we claim that traditional approaches to analyze distributed systems are not expressive enough to address this challenge. As a solution to this problem, we present SIoT, a framework to analyze networked systems. SIoT’s key insight is to look at a distributed system as a single body, and not as separate programs that exchange messages. By doing so, we can crosscheck information inferred from different nodes. This crosschecking increases the precision of traditional static analyses. To construct this global view of a distributed system we introduce a novel algorithm that discovers inter-program links efficiently. Such links lets us build a holistic view of the entire network, a knowledge that we can thus forward to a traditional tool. We prove that our algorithm always terminates and that it correctly models the semantics of a distributed system. To validate our solution, we have implemented SIoT on top of the LLVM compiler, and have used one instance of it to secure 6 ContikiOS applications against buffer overflow attacks. This instance of SIoT produces code that is as safe as code secured by more traditional analyses; however, our binaries are on average 18% more energy-efficient.

Keywords: buffer overflow, distributed system analysis, internet of things, software security (ID#: 15-7635)

URL: http://doi.acm.org/10.1145/2737095.2737097



Ahmad-Reza Sadeghi, Christian Wachsmann, Michael Waidner; “Security and Privacy Challenges in Industrial Internet of Things,” DAC ’15 Proceedings of the 52nd Annual Design Automation Conference, June 2015, Article No. 54. doi:10.1145/2744769.2747942

Abstract: Today, embedded, mobile, and cyberphysical systems are ubiquitous and used in many applications, from industrial control systems, modern vehicles, to critical infrastructure. Current trends and initiatives, such as “Industrie 4.0” and Internet of Things (IoT), promise innovative business models and novel user experiences through strong connectivity and effective use of next generation of embedded devices. These systems generate, process, and exchange vast amounts of security-critical and privacy-sensitive data, which makes them attractive targets of attacks. Cyberattacks on IoT systems are very critical since they may cause physical damage and even threaten human lives. The complexity of these systems and the potential impact of cyberattacks bring upon new threats.  This paper gives an introduction to Industrial IoT systems, the related security and privacy challenges, and an outlook on possible solutions towards a holistic security framework for Industrial IoT systems.

Keywords: (not provided) (ID#: 15-7636)

URL: http://doi.acm.org/10.1145/2744769.2747942



Ferdinand Brasser, Brahim El Mahjoub, Ahmad-Reza Sadeghi, Christian Wachsmann, Patrick Koeberl; “TyTAN: Tiny Trust Anchor for Tiny Devices,” DAC ’15 Proceedings of the 52nd Annual Design Automation Conference, June 2015, Article No. 34. doi:10.1145/2744769.2744922

Abstract: Embedded systems are at the core of many security-sensitive and safety-critical applications, including automotive, industrial control systems, and critical infrastructures. Existing protection mechanisms against (software-based) malware are inflexible, too complex, expensive, or do not meet real-time requirements.  We present TyTAN, which, to the best of our knowledge, is the first security architecture for embedded systems that provides (1) hardware-assisted strong isolation of dynamically configurable tasks and (2) real-time guarantees. We implemented TyTAN on the Intel® Siskiyou Peak embedded platform and demonstrate its efficiency and effectiveness through extensive evaluation.

Keywords: (not provided) (ID#: 15-7637)

URL: http://doi.acm.org/10.1145/2744769.2744922



Sumra, Irshad Ahmed; Hasbullah, Halabi Bin; Manan, Jamalul-lail Ab, “Using TPM to Ensure Security, Trust and Privacy (STP) in VANET,” in Information Technology: Towards New Smart World (NSITNSW), 2015 5th National Symposium on, vol., no., pp. 103–108, 17-19 Feb. 2015. doi:10.1109/NSITNSW.2015.7176402

Abstract: Safety and non-safety applications of VANET provides solutions for road accidents in current traffic system. Security is one of the key research area for successful implementation of safety and non-safety applications of VANET in real environment. Trust and Privacy are two major components of security and dynamic topology and high mobility of vehicles make it more challenging task for end users in network. We propose a new and practical card-based scheme to ensure the Security, Trust and Privacy (STP) in vehicular network. Proposed scheme is based on security hardware module i-e trusted platform module (TPM). The basic objective of proposed scheme is to create trusted security environment for end users in network and user take benefits of potential application of VANET.

Keywords: telecommunication network topology; telecommunication security; telecommunication traffic; vehicular ad hoc networks; STP; TPM; VANET; current traffic system; dynamic topology; i-e trusted platform module; nonsafety applications; practical card; real environment; road accidents; security hardware module; security-trust-privacy; trusted security environment; vehicle mobility; vehicular ad hoc network; Hardware; Principal component analysis; Privacy; Safety; Security; Vehicles; Vehicular ad hoc networks; Card based scheme; trusted platform module (TPM); Safety Applications; Security; Trust and Privacy (STP); Vehicular Ad hoc Network (VANET) (ID#: 15-7638)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7176402&isnumber=7176382



Karter, L.; Ferhati, L.; Tafa, I.; Saatciu, D.; Fejzaj, J., “Security Evaluation of Embedded Hardware Implementation,” in Science and Information Conference (SAI) 2015, vol., no., pp. 1272–1276, 28–30 July 2015. doi:10.1109/SAI.2015.7237307

Abstract: The main objective of this paper is the evaluation of security features in TPM implementations. Nowadays security is very important, especially for those who keep important information on their computers, such as passwords, bank accounts and certificates. TPM can help to keep the information protected from possible adversaries. In order to trust in a TPM-enabled computing device, one must be sure that it really secures the stored information in it. In this paper are investigated security features and concerns of TPM and also is performed an evaluation of the advantages and disadvantages its shows. The evaluation is based on different experimental results which include TPM implementation and capabilities involving various software and computers equipped with embedded TPM.

Keywords: cryptography; data protection; embedded systems; trusted computing; TPM capabilities; TPM implementation; TPM-enabled computing device; embedded hardware implementation; information protection; information secures; security evaluation; security feature evaluation; trusted platform module; Computers; Encryption; Hardware; Linux; Software; Computer Attacks; Cryptographic and Protection Capabilities; Security Features; Time Stamping; Trusted Platform Module (ID#: 15-7639)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7237307&isnumber=7237120



Kanstrén, T.; Lehtonen, S.; Savola, R.; Kukkohovi, H.; Hätönen, K., “Architecture for High Confidence Cloud Security Monitoring,” in Cloud Engineering (IC2E), 2015 IEEE International Conference on, vol., no., pp. 195–200, 9–13 March 2015. doi:10.1109/IC2E.2015.21

Abstract: Operational security assurance of a networked system requires providing constant and up-to-date evidence of its operational state. In a cloud-based environment we deploy our services as virtual guests running on external hosts. As this environment is not under our full control, we have to find ways to provide assurance that the security information provided from this environment is accurate, and our software is running in the expected environment. In this paper, we present an architecture for providing increased confidence in measurements of such cloud-based deployments. The architecture is based on a set of deployed measurement probes and trusted platform modules (TPM) across both the host infrastructure and guest virtual machines. The TPM are used to verify the integrity of the probes and measurements they provide. This allows us to ensure that the system is running in the expected environment, the monitoring probes have not been tampered with, and the integrity of measurement data provided is maintained. Overall this gives us a basis for increased confidence in the security of running parts of our system in an external cloud-based environment.

Keywords: cloud computing; security of data; virtual machines; TPM; external cloud-based environment; external hosts; guest virtual machines; high confidence cloud security monitoring; host infrastructure; measurement probes; networked system; operational security assurance; operational state; trusted platform modules; Computer architecture; Cryptography; Monitoring; Probes; Servers; Virtual machining; TPM; cloud; monitoring; secure element; security assurance (ID#: 15-7640)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7092917&isnumber=7092808



Sungjin Park; Jae Nam Yoon; Cheoloh Kang; Kyong Hoon Kim; Taisook Han, “TGVisor: A Tiny Hypervisor-Based Trusted Geolocation Framework for Mobile Cloud Clients,” in Mobile Cloud Computing, Services, and Engineering (MobileCloud), 2015 3rd IEEE International Conference on, vol., no., pp. 99–108, March 30 2015–April 3 2015. doi:10.1109/MobileCloud.2015.17

Abstract: In cloud computing, geographic location of data is one of major security concerns of cloud users. To resolve this problem, most of previous work has been done on trusted relocation service in cloud service providers. For example, users are allowed to determine the physical location of their cloud servers and ensured about their requirements of relocation-based restrictions. However, it is also essential to handle trusted relocation service at cloud users’ devices in mobile cloud computing. As mobile cloud tenants use cloud services everywhere, trusted relocation of cloud users arises a new security issue. Thus, in this paper, we present a novel trusted relocation system named Devisor for cloud user devices. The key mechanism of Devisor is providing a trusted channel between the relocation server and the GPS module in each mobile client device. We leverage Trusted Platform Module (TPM) and tiny hyper visor in order to securely perform the attestation of the relocation of client devices. To prove the practicality of Devisor, we design and implement a cloud word processor with trusted relocation service based on Ether pad. We also evaluate the performance of Devisor in cloud devices and show that it causes only 8.3% overhead in JavaScript benchmark, which indicates the feasibility of TGVisor.

Keywords: Global Positioning System; Java; cloud computing; geographic information systems; mobile computing; network servers; trusted computing; word processing; Etherpad; GPS module; JavaScript benchmark; TGVisor; TPM; cloud servers; cloud service providers; cloud user devices; cloud word processor; geographic location; geolocation-based restrictions; mobile client device; mobile cloud clients; mobile cloud computing; mobile cloud tenants; security issue; tiny hypervisor-based trusted geolocation framework; trusted geolocation service; trusted platform module; Cryptography; Geology; Mobile communication; Protocols; Servers; Virtual machine monitors; tiny hypervisor; trusted geolocation (ID#: 15-7641)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7130874&isnumber=7130853



Kashif, U.A.; Memon, Z.A.; Balouch, A.R.; Chandio, J.A., “Distributed Trust Protocol for IaaS Cloud Computing,” in Applied Sciences and Technology (IBCAST), 2015 12th International Bhurban Conference on, vol., no., pp. 275–279, 13–17 Jan. 2015. doi:10.1109/IBCAST.2015.7058516

Abstract: Due to economic benefits of cloud computing, consumers have rushed to adopt Cloud Computing. Apart from rushing into cloud, security concerns are also raised. These security concerns cause trust issue in adopting cloud computing. Enterprises adopting cloud, will have no more control over data, application and other computing resources that are outsourced from cloud computing provider. In this paper we propose a novel technique that will not leave consumer alone in cloud environment. Firstly we present theoretical analysis of selected state of the art technique and identified issues in IaaS cloud computing. Secondly we propose Distributed Trust Protocol for IaaS Cloud Computing in order to mitigate trust issue between cloud consumer and provider. Our protocol is distributed in nature that lets the consumer to check the integrity of cloud computing platform that is in the premises of provider’s environment. We follow the rule of security duty separation between the premises of consumer and provider and let the consumer be the actual owner of the platform. In our protocol, user VM hosted at IaaS Cloud Computing uses Trusted Boot process by following specification of Trusted Computing Group (TCG) and by utilizing Trusted Platform Module (TPM) Chip of the consumer. The protocol is for the Infrastructure as a Service IaaS i.e. lowest service delivery model of cloud computing.

Keywords: cloud computing; formal specification; security of data; trusted computing; virtual machines; IaaS cloud computing; Infrastructure as a Service; TCG specification; TPM chip; Trusted Computing Group; cloud computing platform integrity checking; cloud consumer; cloud environment; cloud provider; computing resources; distributed trust protocol; economic benefit; security concern; security duty separation; service delivery model; trust issue mitigation; trusted boot process; trusted platform module chip; user VM; Hardware; Information systems; Security; Virtual machine monitors; Trusted cloud computing; cloud security and trust; virtualization (ID#: 15-7642)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7058516&isnumber=7058466



Syed, T.A.; Musa, S.; Rahman, A.; Jan, S., “Towards Secure Instance Migration in the Cloud,” in Cloud Computing (ICCC), 2015 International Conference on, vol., no., pp. 1-6, 26-29 April 2015. doi:10.1109/CLOUDCOMP.2015.7149664

Abstract: Hosting service providers are completely shifting towards cloud computing from dedicated hardware. However, corporates waffles to move their sensitive data to such a solution where data is no more in their control. The pay-as-you-go is primary notion of cloud service providers. However, they share infrastructure between different tenants that brings security issues. There is a need to provide trust and confidence to corporates that security mechanisms being used by the service providers are secure. Existing IaaS (Infrastructure as a Service) providers have adopted all standard software-based security solutions. However, recent research shows that softwares security solutions are itself vulnerable to attack. In this regard Trusted Computing Group (TCG) introduced hardware root-of-trust concept where highly sensitive information is stored in co-processor called Trusted Platform Module (TPM) rather than the software. Migration is an important process in cloud infrastructures. There are many solutions offered by service providers that improve performance of their client’s services such as web and database. For example, CloudFront, Elastic Load Balancing (ELB) etc., offered by Amazon AWS. These services move customer’s data between cloud infrastructure quit often. However, they do not provide hardware backed solutions, such as Trusted Computing, to migrate customer’s data between infrastructures. In this paper we have incorporated a new component in OpenStack called Secure Instance Migration Module (SIMM). SIMM is backed by Trusted Computing constructs that protects integrity of instance data while migration takes place. By incorporation of SIMM module, cloud customers will have more confidence regarding their sensitive data. We have also discussed architecture and implementation of SIMM module.

Keywords: cloud computing; data integrity; resource allocation; trusted computing; Amazon AWS; CloudFront; IaaS providers; OpenStack; SIMM module; TCG; TPM; attack vulnerablility; client services; cloud infrastructures; cloud service providers; coprocessor; data integrity protection; elastic load balancing; hardware root-of-trust concept; infrastructure as a service providers; secure instance migration module; security mechanisms; software-based security solutions; trusted computing group; trusted platform module; Cloud computing; Clouds; Cryptography; Hardware; Servers; Virtual machine monitors (ID#: 15-7643)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7149664&isnumber=7149613



Kanstrén, T.; Lehtonen, S.; Kukkohovi, H., “Opportunities in Using a Secure Element to Increase Confidence in Cloud Security Monitoring,” in Cloud Computing (CLOUD), 2015 IEEE 8th International Conference on, vol., no., pp. 1093–1098, June 27 2015–July 2 2015. doi:10.1109/CLOUD.2015.159

Abstract: In this paper we discuss applications of a secure element (SE) such as trusted platform module (TPM) for increasing confidence in cloud security monitoring from the cloud customer viewpoint. Monitoring security of cloud-based systems is similar in many ways to traditional in-house networks, but with the difference that the actual hardware is hosted by an external party and not under our control. This provides some unique challenges and opportunities for security monitoring. We discuss these challenges, identify related opportunities for SE use, and use these to present solutions to the identified challenges. This is based on three different use cases identified together with our industry partners. These are the monitoring of elements of the host infrastructure, monitoring our virtualized guest instances running on this infrastructure, and collecting and archiving log data for later external auditing of the cloud customer services. For each of these, we describe the problem area and different ways we have applied a TPM to increase trust and visibility.

Keywords: cloud computing; security of data; trusted computing; SE; TPM; cloud customer service; cloud security monitoring confidence; secure element; trusted platform module; Cloud computing; Cryptography; Monitoring; Probes; Virtual machining; cloud; security monitoring; tpm

(ID#: 15-7644)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7214169&isnumber=7212169



Hao, F.; Clarke, D.; Zorzo, A., “Deleting Secret Data with Public Verifiability,” in Dependable and Secure Computing, IEEE Transactions on, vol. PP, no. 99, pp. 1–1, April 2015. doi:10.1109/TDSC.2015.2423684

Abstract: Existing software-based data erasure programs can be summarized as following the same one-bit-return protocol: the deletion program performs data erasure and returns either success or failure. However, such a onebit- return protocol turns the data deletion system into a black box – the user has to trust the outcome but cannot easily verify it. This is especially problematic when the deletion program is encapsulated within a Trusted Platform Module (TPM), and the user has no access to the code inside. In this paper, we present a cryptographic solution that aims to make the data deletion process more transparent and verifiable. In contrast to the conventional black/white assumptions about TPM (i.e., either completely trust or distrust), we introduce a third assumption that sits in between: namely, “trust-but-verify”. Our solution enables a user to verify the correct implementation of two important operations inside a TPM without accessing its source code: i.e., the correct encryption of data and the faithful deletion of the key. Finally, we present a proof-of-concept implementation of the SSE system on a resource-constrained Java card to demonstrate its practical feasibility. To our knowledge, this is the first systematic solution to the secure data deletion problem based on a “trust-but-verify” paradigm, together with a concrete prototype implementation.

Keywords: Encryption; Protocols; Public key; Resistance; Software (ID#: 15-7645)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7087355&isnumber=4358699



Pasquier, T.F.J.-M.; Singh, J.; Eyers, D.; Bacon, J., “CamFlow: Managed Data-sharing for Cloud Services,” in Cloud Computing, IEEE Transactions on, vol. PP, no. 99, pp. 1-1, October 2105. doi:10.1109/TCC.2015.2489211

Abstract: A model of cloud services is emerging whereby a few trusted providers manage the underlying hardware and communications whereas many companies build on this infrastructure to offer higher level, cloud-hosted PaaS services and/or SaaS applications. From the start, strong isolation between cloud tenants was seen to be of paramount importance, provided first by virtual machines (VM) and later by containers, which share the operating system (OS) kernel. Increasingly it is the case that applications also require facilities to effect isolation and protection of data managed by those applications. They also require flexible data sharing with other applications, often across the traditional cloud-isolation boundaries; for example, when government provides many related services for its citizens on a common platform. Similar considerations apply to the end-users of applications. But in particular, the incorporation of cloud services within ‘Internet of Things’ architectures is driving the requirements for both protection and cross-application data sharing. These concerns relate to the management of data. Traditional access control is application and principal/role specific, applied at policy enforcement points, after which there is no subsequent control over where data flows; a crucial issue once data has left its owner’s control by cloud-hosted applications and within cloud-services. Information Flow Control (IFC), in addition, offers system-wide, end-to-end, flow control based on the properties of the data. We discuss the potential of cloud-deployed IFC for enforcing owners’ dataflow policy with regard to protection and sharing, as well as safeguarding against malicious or buggy software. In addition, the audit log associated with IFC provides transparency, giving configurable system-wide visibility over data flows. This helps those responsible to meet their data management obligations, providing evidence of compliance, and aids in the identification of policy errors and misconfigurations. We present our IFC model and describe and evaluate our IFC architecture and implementation (CamFlow). This comprises an OS level implementation of IFC with support for application management, together with an IFC-enabled middleware. Our contribution is to demonstrate the feasibility of incorporating IFC into cloud services: we show how the incorporation of IFC into cloud-provided OSs underlying PaaS and SaaS would address application sharing and protection requirements, and more generally, greatly enhance the trustworthiness of cloud services at all levels, at little overhead, and transparently to tenants.

Keywords: Access control; Cloud computing; Computational modeling; Computer architecture; Containers; Context; Audit; Cloud; Compliance; Data Management; Information Flow Control; Linux Security Module; Middleware; PaaS; Provenance; Security

(ID#: 15-7646)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7295590&isnumber=6562694



Aversa, R.; Panza, N.; Tasquier, L., “An Agent-Based Platform for Cloud Applications Performance Monitoring,” in Complex, Intelligent, and Software Intensive Systems (CISIS), 2015 Ninth International Conference on, vol., no., pp. 535–540, 8–10 July 2015. doi:10.1109/CISIS.2015.79

Abstract: The monitoring of the resources is one among the major challenges that the virtualization brings with it within the Cloud environments. In order to ensure scalability and dependability, the user’s applications are often distributed on several computational resources, such as Virtual Machines, storages and so on. For this reason, the customer is able to retrieve information about the Cloud infrastructure only by acquiring monitoring services provided by the same vendor that is offering the Cloud resources, thus being forced to trust the Cloud provider about the detected performance indexes. In this work we present a complete architecture that covers all the monitoring activities that take place within a Cloud application lifecycle: we also propose an agent-based implementation of a particular module of the designed architecture that ensures high customization of the monitoring facility and more tolerance to network and resource failures.

Keywords: cloud computing; information retrieval; multi-agent systems; software performance evaluation; virtualisation; agent-based platform; cloud application performance monitoring; computational resources; monitoring facility; resource monitoring; virtual machines; virtualization; Charge measurement; Cloud computing; Computer architecture; Monitoring; Probes; Standards; Time measurement; Cloud Monitoring; IaaS Cloud; Mobile Agents; Service Level Agreement (ID#: 15-7647)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7185244&isnumber=7185122


Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.