Filter-based Remote Trusted Attestation For Web Services

Posted on: 2011-11-29
Degree: Master
Type: Thesis
Country: China
Candidate: W Jia
Full Text: PDF
GTID: 2178360305471644
Subject: Computer application technology
Abstract/Summary:
The rapid development of computer networks has brought great benefits to people's lives, and the development of electronic commerce is changing people's traditional way of life. While the network brings huge business opportunities and advantages, network security is increasingly becoming one of the main factors threatening the development of computing. Trusted Computing was developed against this background: it can ensure the security of data and configuration from within the platform, which improves the security of computers.

Trusted Computing remote attestation addresses the authentication of a remote platform. The TCG (Trusted Computing Group) has released two trusted attestation proposals in succession, Privacy CA and DAA. Both proposals are based on the PCRs and the AIK embedded in the TPM; unlike Privacy CA, DAA is introduced at load time. However, this binary attestation exposes too much information about the remote platform, and system updates and backups are difficult to achieve in open, distributed applications. Property-based attestation overcomes these flaws of binary attestation, but it still has the flaws of being a one-time, static attestation.

Bringing virtualization technology into remote trusted attestation improves the achievability of attestation and the credibility of its results. However, existing attestation proposals are insufficient in efficiency and in specific applications. This paper proposes filter-based attestation, addressing efficiency and specific applications, and proposes a scheme and a specific filter strategy for Web services. Work was carried out in three areas:

(1) Analysis of the existing virtual trusted attestation proposals, which include language-based virtual attestation and virtual machine-based attestation, and of the advantages and disadvantages of the two. These attestation proposals are the basis of our study; the main work of this paper is to improve on them.

(2) Filter-based attestation is proposed. Language-based virtual trusted attestation attests a program's behavior from the program's semantics by means of a language virtual machine, which improves the credibility of attestation. However, it is very difficult to define a program's semantics, both client and server need the language virtual machine for attestation, and the server's communication burden increases. Virtual machine-based attestation is still binary attestation in nature. This paper combines the advantages of the two proposals: it changes the language virtual machine into a true "virtual" server, lets programs run in the virtual server, and attests their behavior from the results of the run. The attestation filter, which filters the attestation of programs, is the core part of this proposal. A program trusted table is established for programs that have been attested in the virtual server, and an attestation scheme and filter strategy for Web services are proposed. Finally, a scheme for large servers is proposed.

(3) We build a trusted environment with the open-source TPM Emulator and IAIK jTSS on Linux, with Tomcat selected as the Web server. Program filtering was realized through the attestation trusted table, which proved that the proposal made in this paper is feasible.
Keywords/Search Tags: trusted computing, remote attestation, web services, filter