Behavior Compliance Control for More Trustworthy Computation Outsourcing
Computation outsourcing has become a hot topic in both academic research and industry.
This is because of the benefits that accompany outsourcing, such as cost reduction,
focusing on core businesses, and the possibility of benefiting from modern payment
models like the pay-per-use model.
Unfortunately, outsourcing to the hosting platforms of potentially untrusted third parties
requires a lot of trust. Clients need assurance that the intended
code was loaded and executed, and that the application behaves correctly and
trustworthily at runtime. That is, the techniques from Trusted Computing which
are used to issue evidence about the execution of binaries and to report it
to a challenger are not sufficient. Challengers are more interested
in evidence which allows misbehavior to be detected while the outsourced
computation is running on the hosting platform.
Another challenging issue is providing secure data storage for collected
evidence information. Such secure data storage is provided by
the Trusted Platform Module (TPM). In outsourcing scenarios where
virtualization technologies are applied, the use of virtual TPMs (vTPMs)
comes into consideration. However, researchers have identified some drawbacks
and limitations of the use of TPMs. These problems include privacy and maintainability
issues, problems with the sealing functionality, and high communication
and management efforts. On the other hand, virtualizing TPMs, especially virtualizing the Platform
Configuration Registers (PCRs), conflicts with one of the core principles of
Trusted Computing, namely the need for hardware-based secure storage.
In this thesis, we propose different approaches and architectures which
can be used to mitigate the problems above. In particular, in the first
part of our thesis we propose an approach called Behavior Compliance
Control (BCC), which defines architectures describing how the behavior of
such outsourced computations is captured and controlled, as well as how
its compliance with a trusted behavior model is judged. We present
approaches for two abstraction levels: one on the program code level and the
other on the level of abstract executable business processes.
In the second part of this thesis, we propose approaches to solve
the aforementioned problems related to TPMs and vTPMs, which are used
as storage for the evidence data collected as assurance of behavior compliance. In particular,
we recognized that the use of the SHA-1 hash to measure system components requires
maintenance of a large set of hashes of presumably trustworthy
software; furthermore, during attestation, the full configuration of the
platform is revealed. Thus, our approach shows how the use of chameleon hashes allows
the impact of these two problems to be mitigated. To increase the security of vTPMs,
we show in another approach how the strength of hardware-based security can be obtained for
virtual PCRs by binding them to their corresponding hardware PCRs. We propose two approaches
for such a binding: the first variant uses binary hash trees, whereas the other
variant uses incremental hashing.
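The two binding variants named in this paragraph can be illustrated in a few dozen lines. The following Python is an added example written for this page, not code from the thesis: it simulates TPM-style PCR registers, anchors a set of virtual PCR values in a hardware PCR by extending it with the root of a binary hash tree over them (variant 1), and shows an additive incremental hash (in the style of Bellare and Micciancio's AdHASH, an assumption about how the second variant might be realised) that can be updated in constant time when one vPCR changes (variant 2). A verifier replays the sequence of bound roots, compares the result with the quoted hardware PCR, and checks an individual vPCR value against the latest bound root via its authentication path. All measurement values are constructed sample data; the tree encoding and the index encoding in the incremental hash are this example's own choices.

```python
import hashlib


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


class PCR:
    """Simplified TPM-style register: 32 zero bytes at reset, changed only
    through extend(), i.e. value = H(value || measurement). Used here for
    both the hardware PCR and the virtual PCRs (constructed model)."""

    def __init__(self) -> None:
        self.value = bytes(32)

    def extend(self, measurement: bytes) -> bytes:
        self.value = H(self.value + measurement)
        return self.value


# ---- Variant 1: binary hash tree over the vPCR values of one vTPM --------
def tree_levels(leaves: list) -> list:
    """All levels of the tree, leaves first. Leaf and inner nodes are domain-
    separated (0x00 / 0x01); an odd level duplicates its last node."""
    levels = [[H(b"\x00" + leaf) for leaf in leaves]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur = cur + [cur[-1]]
        levels.append([H(b"\x01" + cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels


def tree_root(leaves: list) -> bytes:
    return tree_levels(leaves)[-1][0]


def tree_path(leaves: list, index: int) -> list:
    """Authentication path for leaf `index`: (sibling_hash, sibling_is_left) pairs."""
    path = []
    for level in tree_levels(leaves)[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]
        sibling = index ^ 1
        path.append((level[sibling], sibling < index))
        index //= 2
    return path


def tree_verify(leaf: bytes, index: int, path: list, root: bytes) -> bool:
    """Recompute the root from one leaf and its path; True iff it matches."""
    node = H(b"\x00" + leaf)
    for sibling, sibling_is_left in path:
        node = H(b"\x01" + sibling + node) if sibling_is_left else H(b"\x01" + node + sibling)
    return node == root


# ---- Variant 2: additive incremental hash over the vPCR values ------------
MOD = 1 << 256


def _term(index: int, value: bytes) -> int:
    return int.from_bytes(H(index.to_bytes(2, "big") + value), "big")


def inc_hash(values: list) -> int:
    return sum(_term(i, v) for i, v in enumerate(values)) % MOD


def inc_update(current: int, index: int, old: bytes, new: bytes) -> int:
    """Constant-time update when only vPCR `index` changed from old to new."""
    return (current - _term(index, old) + _term(index, new)) % MOD


def incremental_consistent() -> bool:
    values = [H(b"constructed-vpcr-%d" % i) for i in range(8)]
    digest = inc_hash(values)
    new_value = H(values[5] + b"constructed-extend")
    updated = inc_update(digest, 5, values[5], new_value)
    values[5] = new_value
    return updated == inc_hash(values)


def simulate() -> dict:
    """Bind four vPCRs of one guest into a hardware PCR and verify the binding."""
    vpcrs = [PCR() for _ in range(4)]
    for i, p in enumerate(vpcrs):
        p.extend(H(b"constructed-measurement-%d" % i))
    hw_pcr, binding_log = PCR(), []          # hardware PCR reserved for the vTPM

    root = tree_root([p.value for p in vpcrs])
    binding_log.append(root); hw_pcr.extend(root)

    vpcrs[2].extend(H(b"constructed-measurement-2b"))   # guest extends vPCR 2
    root = tree_root([p.value for p in vpcrs])
    binding_log.append(root); hw_pcr.extend(root)       # new root bound, old one stays in the chain

    replay = PCR()                             # verifier: replay log against quoted hardware PCR
    for r in binding_log:
        replay.extend(r)
    leaves = [p.value for p in vpcrs]
    path = tree_path(leaves, 2)
    return {
        "quote_ok": replay.value == hw_pcr.value,
        "membership_ok": tree_verify(vpcrs[2].value, 2, path, binding_log[-1]),
        "forged_accepted": tree_verify(H(b"constructed-forged-value"), 2, path, binding_log[-1]),
    }


if __name__ == "__main__":
    print(simulate(), "incremental consistent:", incremental_consistent())
```

Because the hardware PCR is itself only extended, an earlier bound root can never be silently replaced: a guest that rewrites its vTPM state would produce a vPCR value whose authentication path no longer reaches a root present in the replayed chain, which is what `forged_accepted` being false demonstrates. The incremental variant trades the logarithmic-size authentication path for constant-time updates but, in this simple additive form, offers no per-leaf membership proof, so a verifier must be given all vPCR values to recompute it.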
We further provide implementations of the proposed approaches and evaluate
their impact in practice. Furthermore, we empirically evaluate the
relative efficacy of the different behavioral abstractions of BCC that we define,
based on different real-world applications. In particular, we examined
the feasibility, effectiveness, scalability and efficiency of the
approach. To this end, we chose two kinds of applications, a web-based
and a desktop application, and performed different attacks on them, such
as a malicious input attack and an SQL injection attack. The results show
that such attacks can be detected, so that applying our approach
can increase the protection against them.