Authors: Lingbo Jiang; Yuping Wang; Tiehua Wen; Jianfeng Tan
Addresses: Department of Computer Science and Technology, Tsinghua University, Beijing, 100084, China ' Department of Computer Science and Technology, Tsinghua University, Beijing, 100084, China ' Beijing Academy of Information Science and Technology, Beijing, 100094, China ' Department of Computer Science and Technology, Tsinghua University, Beijing, 100084, China
Abstract: The security policy can exactly reflect the security expectations of system models. Besides, it is also an important method of remote attestation of computing environment, which is based on model behaviours. Existing policy measurement approaches focus on single model. However, practical policies usually include various kinds of model properties so that existing methods cannot meet the demands of combined policy measurement and unified expectations of multiple collaborative mechanisms and dynamic control systems. This paper proposes a novel remote attestation approach based on cross-layer security policy translation, CPMA, which is used to verify security expectations and combined policy measurements of multiple model systems. CPMA presents security exception expressions and the descriptions of the high-layer policy and the low-layer policy. It also designs the translation algorithm and verification algorithm with low overhead to achieve the trusted measurement of multiple mechanism policies. Extensive evaluations show that CPMA can measure and verify system actions accurately and effectively.
Keywords: remote attestation; security expectations; policy translation; filter verification; security policy; trust; multiple policies; system models.
International Journal of High Performance Computing and Networking, 2016 Vol.9 No.5/6, pp.357 - 371
Available online: 22 Nov 2016 *Full-text access for editors Access for subscribers Purchase this article Comment on this article