Achieving attestation with less effort: An indirect and configurable approach to integrity reporting

Jun Ho Huh; Hyoungshick Kim; John Lyle; Andrew Martin

doi:10.1145/2046582.2046589

Achieving attestation with less effort: An indirect and configurable approach to integrity reporting

Jun Ho Huh, Hyoungshick Kim, John Lyle, Andrew Martin

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

2 Scopus citations

Abstract

This paper proposes an indirect attestation paradigm for verifying the trustworthiness of end user platforms. This approach overcomes several criticisms of attestation by maintaining the user's freedom to choose their own software configurations and minimising the whitelist management overhead for the relying party. Each user platform defines its own acceptable software combination in terms of reference integrity measurements, and reports the local verification results to the relying party through a late-launched, trusted Platform Trust Service. The relying party simply checks this verification result and a security meta-policy that has been used to ensure the quality of the security checks performed locally. The Platform Trust Service is also responsible for reporting whether this meta-policy is satisfied. By configuring the meta-policy, the relying party selects an indirect attestation paradigm that best meets their high-level security requirements.

Original language	English
Title of host publication	STC'11 - Proceedings of the 6th ACM Workshop
Subtitle of host publication	Scalable Trusted Computing
Pages	31-36
Number of pages	6
DOIs	https://doi.org/10.1145/2046582.2046589
State	Published - 2011
Externally published	Yes
Event	6th ACM Workshop on Scalable Trusted Computing, STC'11 - Co-located with 18th ACM Conference on Computer and Communications Security, CCS 2011 - Chicago, IL, United States Duration: 17 Oct 2011 → 17 Oct 2011

Publication series

Name	Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)	1543-7221

Conference

Conference	6th ACM Workshop on Scalable Trusted Computing, STC'11 - Co-located with 18th ACM Conference on Computer and Communications Security, CCS 2011
Country/Territory	United States
City	Chicago, IL
Period	17/10/11 → 17/10/11

Keywords

indirect attestation
security meta-policy
whitelist management

Access to Document

10.1145/2046582.2046589

Cite this

@inproceedings{e12deac4a43045e2a6ebb1ebd4861a8a,

title = "Achieving attestation with less effort: An indirect and configurable approach to integrity reporting",

abstract = "This paper proposes an indirect attestation paradigm for verifying the trustworthiness of end user platforms. This approach overcomes several criticisms of attestation by maintaining the user's freedom to choose their own software configurations and minimising the whitelist management overhead for the relying party. Each user platform defines its own acceptable software combination in terms of reference integrity measurements, and reports the local verification results to the relying party through a late-launched, trusted Platform Trust Service. The relying party simply checks this verification result and a security meta-policy that has been used to ensure the quality of the security checks performed locally. The Platform Trust Service is also responsible for reporting whether this meta-policy is satisfied. By configuring the meta-policy, the relying party selects an indirect attestation paradigm that best meets their high-level security requirements.",

keywords = "indirect attestation, security meta-policy, whitelist management",

author = "Huh, \{Jun Ho\} and Hyoungshick Kim and John Lyle and Andrew Martin",

year = "2011",

doi = "10.1145/2046582.2046589",

language = "English",

isbn = "9781450310017",

series = "Proceedings of the ACM Conference on Computer and Communications Security",

pages = "31--36",

booktitle = "STC'11 - Proceedings of the 6th ACM Workshop",

note = "6th ACM Workshop on Scalable Trusted Computing, STC'11 - Co-located with 18th ACM Conference on Computer and Communications Security, CCS 2011 ; Conference date: 17-10-2011 Through 17-10-2011",

}

Huh, JH, Kim, H, Lyle, J & Martin, A 2011, Achieving attestation with less effort: An indirect and configurable approach to integrity reporting. in STC'11 - Proceedings of the 6th ACM Workshop: Scalable Trusted Computing. Proceedings of the ACM Conference on Computer and Communications Security, pp. 31-36, 6th ACM Workshop on Scalable Trusted Computing, STC'11 - Co-located with 18th ACM Conference on Computer and Communications Security, CCS 2011, Chicago, IL, United States, 17/10/11. https://doi.org/10.1145/2046582.2046589

Achieving attestation with less effort: An indirect and configurable approach to integrity reporting. / Huh, Jun Ho; Kim, Hyoungshick; Lyle, John et al.
STC'11 - Proceedings of the 6th ACM Workshop: Scalable Trusted Computing. 2011. p. 31-36 (Proceedings of the ACM Conference on Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Achieving attestation with less effort

T2 - 6th ACM Workshop on Scalable Trusted Computing, STC'11 - Co-located with 18th ACM Conference on Computer and Communications Security, CCS 2011

AU - Huh, Jun Ho

AU - Kim, Hyoungshick

AU - Lyle, John

AU - Martin, Andrew

PY - 2011

Y1 - 2011

N2 - This paper proposes an indirect attestation paradigm for verifying the trustworthiness of end user platforms. This approach overcomes several criticisms of attestation by maintaining the user's freedom to choose their own software configurations and minimising the whitelist management overhead for the relying party. Each user platform defines its own acceptable software combination in terms of reference integrity measurements, and reports the local verification results to the relying party through a late-launched, trusted Platform Trust Service. The relying party simply checks this verification result and a security meta-policy that has been used to ensure the quality of the security checks performed locally. The Platform Trust Service is also responsible for reporting whether this meta-policy is satisfied. By configuring the meta-policy, the relying party selects an indirect attestation paradigm that best meets their high-level security requirements.

AB - This paper proposes an indirect attestation paradigm for verifying the trustworthiness of end user platforms. This approach overcomes several criticisms of attestation by maintaining the user's freedom to choose their own software configurations and minimising the whitelist management overhead for the relying party. Each user platform defines its own acceptable software combination in terms of reference integrity measurements, and reports the local verification results to the relying party through a late-launched, trusted Platform Trust Service. The relying party simply checks this verification result and a security meta-policy that has been used to ensure the quality of the security checks performed locally. The Platform Trust Service is also responsible for reporting whether this meta-policy is satisfied. By configuring the meta-policy, the relying party selects an indirect attestation paradigm that best meets their high-level security requirements.

KW - indirect attestation

KW - security meta-policy

KW - whitelist management

UR - https://www.scopus.com/pages/publications/80755167791

U2 - 10.1145/2046582.2046589

DO - 10.1145/2046582.2046589

M3 - Conference contribution

AN - SCOPUS:80755167791

SN - 9781450310017

T3 - Proceedings of the ACM Conference on Computer and Communications Security

SP - 31

EP - 36

BT - STC'11 - Proceedings of the 6th ACM Workshop

Y2 - 17 October 2011 through 17 October 2011

ER -

Achieving attestation with less effort: An indirect and configurable approach to integrity reporting

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this