ERASMUS: Efficient Remote Attestation via Self-Measurement for Unattended Settings
Remote attestation (RA) is a popular means of detecting malware in embedded
and IoT devices. RA is usually realized as an interactive protocol, whereby a
trusted party -- verifier -- measures integrity of a potentially compromised
remote device -- prover. Early work focused on purely software-based and fully
hardware-based techniques, neither of which is ideal for low-end devices. More
recent results have yielded hybrid (SW/HW) security architectures comprised of
a minimal set of features to support efficient and secure RA on low-end
devices.
All prior RA techniques require on-demand operation, i.e., RA is performed in
real time. We identify some drawbacks of this general approach in the context
of unattended devices: First, it fails to detect mobile malware that enters and
leaves the prover between successive RA instances. Second, it requires the
prover to engage in a potentially expensive (in terms of time and energy)
computation, which can be harmful for critical or real-time devices.
To address these drawbacks, we introduce the concept of self-measurement
where a prover device periodically (and securely) measures and records its own
software state, based on a pre-established schedule. A possibly untrusted
verifier occasionally collects and verifies these measurements. We present the
design of a concrete technique called ERASMUS: Efficient Remote Attestation
via Self-Measurement for Unattended Settings, justify its features and evaluate
its performance. In the process, we also define a new metric -- Quality of
Attestation (QoA). We argue that ERASMUS is well-suited for time-sensitive
and/or safety-critical applications that are not served well by on-demand RA.
Finally, we show that ERASMUS is a promising stepping stone towards handling
attestation of multiple devices (i.e., a group or swarm) with high mobility
Management and Service-aware Networking Architectures (MANA) for Future Internet Position Paper: System Functions, Capabilities and Requirements
Future Internet (FI) research and development threads have recently been gaining momentum all over the world and as such the international race to create a new generation Internet is in full swing: GENI, Asia Future Internet, Future Internet Forum Korea, European Union Future Internet Assembly (FIA). This is a position paper identifying the research orientation with a time horizon of 10 years, together with the key challenges for the capabilities in the Management and Service-aware Networking Architectures (MANA) part of the Future Internet (FI) allowing for parallel and federated Internet(s)
CamFlow: Managed Data-sharing for Cloud Services
A model of cloud services is emerging whereby a few trusted providers manage
the underlying hardware and communications whereas many companies build on this
infrastructure to offer higher level, cloud-hosted PaaS services and/or SaaS
applications. From the start, strong isolation between cloud tenants was seen
to be of paramount importance, provided first by virtual machines (VM) and
later by containers, which share the operating system (OS) kernel. Increasingly
it is the case that applications also require facilities to effect isolation
and protection of data managed by those applications. They also require
flexible data sharing with other applications, often across the traditional
cloud-isolation boundaries; for example, when government provides many related
services for its citizens on a common platform. Similar considerations apply to
the end-users of applications. But in particular, the incorporation of cloud
services within 'Internet of Things' architectures is driving the requirements
for both protection and cross-application data sharing.
These concerns relate to the management of data. Traditional access control
is application and principal/role specific, applied at policy enforcement
points, after which there is no subsequent control over where data flows; a
crucial issue once data has left its owner's control by cloud-hosted
applications and within cloud-services. Information Flow Control (IFC), in
addition, offers system-wide, end-to-end, flow control based on the properties
of the data. We discuss the potential of cloud-deployed IFC for enforcing
owners' dataflow policy with regard to protection and sharing, as well as
safeguarding against malicious or buggy software. In addition, the audit log
associated with IFC provides transparency, giving configurable system-wide
visibility over data flows. [...] Comment: 14 pages, 8 figures
Federated Embedded Systems – a review of the literature in related fields
This report is concerned with the vision of smart interconnected objects, a vision that has attracted much attention lately. In this paper, embedded, interconnected, open, and heterogeneous control systems are in focus, formally referred to as Federated Embedded Systems. To place FES into a context, a review of some related research directions is presented. This review includes such concepts as systems of systems, cyber-physical systems, ubiquitous computing, internet of things, and multi-agent systems. Interestingly, the reviewed fields seem to overlap with each other in an increasing number of ways