Trust management for mobile computing platforms

Providing a trustworthy mobile computing platform is crucial for mobile communications, services and applications. In this dissertation, we study methodologies and mechanisms that can be used to provide a trustworthy mobile computing platform. We also present an autonomic trust management solution for a component software middleware platform targeting at an embedded device, such as a mobile phone. In the first part of the dissertation, we firstly overview the literature background of trust modeling and trust management. We propose research methodologies on the basis of a conceptual architecture of a trusted mobile environment. Further, we present a methodology to bridge disjoint trusted domains in mobile computing and communications into a trustworthy system. The second part of the dissertation contains a mechanism to sustain trust among computing platforms. The mechanism builds up a trust relationship based on the Root Trust (RT) module at a trustee platform and ensures trust sustainability according to pre-defined conditions. These conditions are approved at the time of trust establishment and enforced through the use of the pre-attested RT module until the intended purpose is fulfilled. Through applying this mechanism, we introduce a Trusted Collaboration Infrastructure (TCI) for peer-to-peer devices in order to establish trust collaboration among distributed peers. In addition, this mechanism contributes to a mobile Virtual Private Network (VPN) for trusted mobile enterprise networking. The third part of the dissertation presents an autonomic trust management solution that can manage trust adaptively in a middleware component software platform. We develop a formal trust model to specify, evaluate, set up and ensure trust relationships that exist among system entities. We further present a trust management architecture that supports the implementation of the above model and adopts a number of algorithms for autonomic trust management at system runtime. In particular, special control modes can be applied into the platform to ensure trustworthiness. We develop a methodology for trust control mode prediction and selection on the basis of an adaptive trust control model in order to support autonomic trust management.reviewe

On Software Standards and Solutions for a Trusted Internet of Things

We discuss a high-level model for software applications and services that can support a minimal set of human-centric trust management capabilities. We outline the unique set of challenges we must address if we are to attain a level of trust that will be required for a robust deployment of an IoT. We discuss the role of standards and how we can maximize the effectiveness of standards and device and service certification. We suggest a set of solutions for trust management that can support the unique security, safety, and privacy requirements of a robust IoT. Prominent among these solutions is the use of an older approach for access control, viz. the reference monitor, and blockchain technologies that can record trust and policy graphs and trust-related attributes for IoT devices and supporting services. An open, but governed trust blockchain can serve as a universal trusted oracle

Remote attestation of SEV-SNP confidential VMs using e-vTPMs

Departing from "your data is safe with us" model where the cloud infrastructure is trusted, cloud tenants are shifting towards a model in which the cloud provider is not part of the trust domain. Both silicon and cloud vendors are trying to address this shift by introducing confidential computing - an umbrella term that provides mechanisms for protecting the data in-use through encryption below the hardware boundary of the CPU, e.g., Intel Software Guard Extensions (SGX), AMD secure encrypted virtualization (SEV), Intel trust domain extensions (TDX), etc. In this work, we design and implement a virtual trusted platform module (vTPM) that virtualizes the hardware root-of-trust without requiring to trust the cloud provider. To ensure the security of a vTPM in a provider-controlled environment, we leverage unique isolation properties of the SEV-SNP hardware and a novel approach to ephemeral TPM state management. Specifically, we develop a stateless ephemeral vTPM that supports remote attestation without persistent state. This allows us to pair each confidential VM with a private instance of a vTPM that is completely isolated from the provider-controlled environment and other VMs. We built our prototype entirely on open-source components - Qemu, Linux, and Keylime. Though our work is AMD-specific, a similar approach could be used to build remote attestation protocol on other trusted execution environments (TEE).Comment: 12 pages, 4 figure

TCG based approach for secure management of virtualized platforms: state-of-the-art

There is a strong trend shift in the favor of adopting virtualization to get business benefits. The provisioning of virtualized enterprise resources is one kind of many possible scenarios. Where virtualization promises clear advantages it also poses new security challenges which need to be addressed to gain stakeholders confidence in the dynamics of new environment. One important facet of these challenges is establishing 'Trust' which is a basic primitive for any viable business model. The Trusted computing group (TCG) offers technologies and mechanisms required to establish this trust in the target platforms. Moreover, TCG technologies enable protecting of sensitive data in rest and transit. This report explores the applicability of relevant TCG concepts to virtualize enterprise resources securely for provisioning, establish trust in the target platforms and securely manage these virtualized Trusted Platforms

Deploying Virtual Machines on Shared Platforms

In this report, we describe mechanisms for secure deployment of virtual machines on shared platforms looking into a telecommunication cloud use case, which is also presented in this report. The architecture we present focuses on the security requirements of the major stakeholders’ part of the scenario we present. This report comprehensively covers all major security aspects including different security mechanisms and protocols, leveraging existing standards and state-of-the art wherever applicable. In particular, our architecture uses TCG technologies for trust establishment in the deployment of operator virtual machines on shared resource platforms. We also propose a novel procedure for securely launching and cryptographically binding a virtual machine to a target platform thereby protecting the operator virtual machine and its related credentials

Trusted Computing and Secure Virtualization in Cloud Computing

Large-scale deployment and use of cloud computing in industry is accompanied and in the same time hampered by concerns regarding protection of data handled by cloud computing providers. One of the consequences of moving data processing and storage off company premises is that organizations have less control over their infrastructure. As a result, cloud service (CS) clients must trust that the CS provider is able to protect their data and infrastructure from both external and internal attacks. Currently however, such trust can only rely on organizational processes declared by the CS provider and can not be remotely verified and validated by an external party. Enabling the CS client to verify the integrity of the host where the virtual machine instance will run, as well as to ensure that the virtual machine image has not been tampered with, are some steps towards building trust in the CS provider. Having the tools to perform such verifications prior to the launch of the VM instance allows the CS clients to decide in runtime whether certain data should be stored- or calculations should be made on the VM instance offered by the CS provider. This thesis combines three components -- trusted computing, virtualization technology and cloud computing platforms -- to address issues of trust and security in public cloud computing environments. Of the three components, virtualization technology has had the longest evolution and is a cornerstone for the realization of cloud computing. Trusted computing is a recent industry initiative that aims to implement the root of trust in a hardware component, the trusted platform module. The initiative has been formalized in a set of specifications and is currently at version 1.2. Cloud computing platforms pool virtualized computing, storage and network resources in order to serve a large number of customers customers that use a multi-tenant multiplexing model to offer on-demand self-service over broad network. Open source cloud computing platforms are, similar to trusted computing, a fairly recent technology in active development. The issue of trust in public cloud environments is addressed by examining the state of the art within cloud computing security and subsequently addressing the issues of establishing trust in the launch of a generic virtual machine in a public cloud environment. As a result, the thesis proposes a trusted launch protocol that allows CS clients to verify and ensure the integrity of the VM instance at launch time, as well as the integrity of the host where the VM instance is launched. The protocol relies on the use of Trusted Platform Module (TPM) for key generation and data protection. The TPM also plays an essential part in the integrity attestation of the VM instance host. Along with a theoretical, platform-agnostic protocol, the thesis also describes a detailed implementation design of the protocol using the OpenStack cloud computing platform. In order the verify the implementability of the proposed protocol, a prototype implementation has built using a distributed deployment of OpenStack. While the protocol covers only the trusted launch procedure using generic virtual machine images, it presents a step aimed to contribute towards the creation of a secure and trusted public cloud computing environment

SGXIO: Generic Trusted I/O Path for Intel SGX

Application security traditionally strongly relies upon security of the underlying operating system. However, operating systems often fall victim to software attacks, compromising security of applications as well. To overcome this dependency, Intel introduced SGX, which allows to protect application code against a subverted or malicious OS by running it in a hardware-protected enclave. However, SGX lacks support for generic trusted I/O paths to protect user input and output between enclaves and I/O devices. This work presents SGXIO, a generic trusted path architecture for SGX, allowing user applications to run securely on top of an untrusted OS, while at the same time supporting trusted paths to generic I/O devices. To achieve this, SGXIO combines the benefits of SGX's easy programming model with traditional hypervisor-based trusted path architectures. Moreover, SGXIO can tweak insecure debug enclaves to behave like secure production enclaves. SGXIO surpasses traditional use cases in cloud computing and makes SGX technology usable for protecting user-centric, local applications against kernel-level keyloggers and likewise. It is compatible to unmodified operating systems and works on a modern commodity notebook out of the box. Hence, SGXIO is particularly promising for the broad x86 community to which SGX is readily available.Comment: To appear in CODASPY'1

A Performance Optimization Model towards OAuth 2.0 Adoption in the Enterprise

As Cloud software (Software-as-a-Service) become more and more ubiquitous, the scale and performance expectations become an important factor impacting architectural decisions for security protocol adoption. WS-Trust[6] and WS-Federation[7] are enterprise scale protocols but lacked wide adoption due to complexity. OAuth 1.0 emerged as an industry standard for unifying identity management for major SaaS players. However, OAuth 1.0 soon was proven to fail performance criteria for enterprise adoption. With the introduction of OAuth 2.0 some of the performance concerns were addressed. This paper proposes an optimization to OAuth 2.0 for enterprise adoption. This optimization is achieved by introducing manageability steps to pre-establish trust amongst the client and the protected resource server. In this model, the client needs to set up trust with the protected resource server as well as with the authorization server. These clients are called highly trusted clients. We believe such optimization makes it feasible to adopt OAuth in the enterprise where scale and performance are critical factors