Behavior Compliance Control for More Trustworthy Computation Outsourcing

Computation outsourcing has become a hot topic in both academic research and industry. This is because of the benefits accompanied with outsourcing, such as cost reduction, focusing on core businesses and possibility for benefiting from modern payment models like the pay-per-use model. Unfortunately, outsourcing to potentially untrusted third parties' hosting platforms requires a lot of trust. Clients need assurance that the intended code was loaded and executed, and that the application behaves correctly and trustworthy at runtime. That is, techniques from Trusted Computing which are used to allow issuing evidence about the execution of binaries and reporting it to a challenger are not sufficient. Challengers are more interested in evidence which allows detecting misbehavior while the outsourced computation is running on the hosting platform. Another challenging issue is providing a secure data storage for collected evidence information. Such a secure data storage is provided by the Trusted Platform Module (TPM). In outsourcing scenarios where virtualizations technologies are applied, the use of virtual TPMs (vTPMs) comes into consideration. However, researcher identified some drawbacks and limitations of the use of TPMs. These problems include privacy and maintainability issues, problems with the sealing functionality and the high communication and management efforts. On the other hand, virtualizing TPMs, especially virutalizing the Platform Configuration Registers (PCRs), strikes against one of the core principles of Trusted Computing, namely the need for a hardware-based secure storage. In this thesis, we propose different approaches and architectures which can be used to mitigate the problems above. In particular, in the first part of our thesis we propose an approach called Behavior Compliance Control (BCC) to defines architectures to describe how the behavior of such outsourced computations is captured and controlled as well as how to judge the compliance of it compared to a trusted behavior model. We present approaches for two abstraction levels; one on a program code level and the other is on the level of abstract executable business processes. In the second part of this thesis, we propose approaches to solve the aforementioned problems related to TPMs and vTPMs, which are used as storage for evidence data collected as assurance for behavior compliance. In particular, we recognized that the use of the SHA-1 hash to measure system components requires maintenance of a large set of hashes of presumably trustworthy software; furthermore, during attestation, the full configuration of the platform is revealed. Thus, our approach shows how the use of chameleon hashes allows to mitigate the impact of these two problems. To increase the security of vTPM, we show in another approach how strength of hardware-based security can be gained in virtual PCRs by binding them to their corresponding hardware PCRs. We propose two approaches for such a binding. For this purpose, the first variant uses binary hash trees, whereas the other variant uses incremental hashing. We further provide implementations of the proposed approach and evaluate their impact in practice. Furthermore, we empirically evaluate the relative efficacy of the different behavioral abstractions of BCC that we define based on different real world applications. In particular, we examined the feasibility, the effectiveness, the scalability and efficiency of the approach. To this end, we chose two kinds of applications, a web-based and a desktop application, performing different attacks on them, such as malicious input attach and SQL injection attack. The results show that such attacks can be detected so that the application of our approach can increase the protection against them