2,336 research outputs found
A Security Pattern for Cloud service certification
Cloud computing is interesting from the economic, operational and even energy consumption perspectives but it still raises concerns regarding
the security, privacy, governance and compliance of the data and software services offered through it. However, the task of verifying security
properties in services running on cloud is not trivial. We notice the provision and security of a cloud service is sensitive. Because of the
potential interference between the features and behavior of all the inter-dependent services in all layers of the cloud stack (as well as dynamic
changes in them). Besides current cloud models do not include support for trust-focused communication between layers. We present a
mechanism to implement cloud service certification process based on the usage of Trusted Computing technology, by means of its Trusted Computing Platform (TPM) implementation of its architecture. Among many security security features it is a tamper proof resistance built in device and provides a root of trust to affix our certification mechanism. We present as a security pattern the approach for service certification based on the use TPM.Universidad de Málaga. Campus de Excelencia Internacional Andalucía Tec
Application of trusted computing to secure video broadcasts to mobile receivers
This paper addresses the problem of configuring mobile devices to receive broadcast services protected by legacy conditional access systems. The protocols apply the concepts of trusted computing to allow a mobile host to demonstrate that it is secure, before any application or associated keys are securely downloaded. Thus the protocols are applicable anywhere a secure download is required. A general analysis of the security of the protocols is presented, followed by the results of formal verification.
Trusted Computing in Mobile Action
Due to the convergence of various mobile access technologies like UMTS, WLAN,
and WiMax the need for a new supporting infrastructure arises. This
infrastructure should be able to support more efficient ways to authenticate
users and devices, potentially enabling novel services based on the security
provided by the infrastructure. In this paper we exhibit some usage scenarios
from the mobile domain integrating trusted computing, which show that trusted
computing offers new paradigms for implementing trust and by this enables new
technical applications and business scenarios. The scenarios show how the
traditional boundaries between technical and authentication domains become
permeable while a high security level is maintained.Comment: In: Peer-reviewed Proceedings of the Information Security South
Africa (ISSA) 2006 From Insight to Foresight Conference, 5 to 7 July 2006,
Sandton, South Afric
Agent-Based Cloud Resource Management for Secure Cloud Infrastructures
The cloud offers clear benefits for computations as well as for storage for diverse application areas. Security concerns are by far the greatest barriers to the wider uptake of cloud computing, particularly for privacy-sensitive applications. The aim of this article is to propose an approach for establishing trust between users and providers of cloud infrastructures (IaaS model) based on certified trusted agents. Such approach would remove barriers that prevent security sensitive applications being moved to the cloud. The core technology encompasses a secure agent platform for providing the execution environment for agents and the secure attested software base which ensures the integrity of the host platform. In this article we describe the motivation, concept, design and initial implementation of these technologies
Digital Trust - Trusted Computing and Beyond A Position Paper
Along with the invention of computers and interconnected networks, physical societal notions like security, trust, and privacy entered the digital environment. The concept of digital environments begins with the trust (established in the real world) in the organisation/individual that manages the digital resources. This concept evolved to deal with the rapid growth of the Internet, where it became impractical for entities to have prior offline (real world) trust. The evolution of digital trust took diverse approaches and now trust is defined and understood differently across heterogeneous domains. This paper looks at digital trust from the point of view of security and examines how valid trust approaches from other domains are now making their way into secure computing. The paper also revisits and analyses the Trusted Platform Module (TPM) along with associated technologies and their relevance in the changing landscape. We especially focus on the domains of cloud computing, mobile computing and cyber-physical systems. In addition, the paper also explores our proposals that are competing with and extending the traditional functionality of TPM specifications
- …