39 research outputs found
Practical assessment of Biba integrity for TCG-enabled platforms
Get PDFChecking the integrity of an application is necessary to determine if the latter will behave as expected.
The method defined by the Trusted Computing Group consists in evaluating the fingerprints of the platform hardware and software components required for the proper functioning of the application to be assessed.
However, this only ensures that a process was working correctly at load-time but not for its whole life-cycle.
Policy-Reduced Integrity Measurement Architecture (PRIMA) addresses this problem by enforcing a security policy that denies information flows from potentially malicious processes to an application target of the evaluation and its dependencies (requirement introduced by CW-Lite, an evolution of the Biba integrity model).
Given the difficulty of deploying PRIMA (as platform administrators have to tune their security policies to satisfy the CW-Lite requirements) we propose in this paper Enhanced IMA, an extended version of the Integrity Measurement Architecture (IMA) that, unlike PRIMA, works almost out of the box and just reports information flows instead of
enforcing them.
In addition, we introduce a model to evaluate the information reported by Enhanced IMA with existing technique
