Abstract
Intranet access has become an essential function for corporate users. At the same time, corporation's security administrators have little ability to control access to corporate data once it is released to remote clients. At present, no confidentiality or integrity guarantees about the remote access clients are made, so it is possible that an attacker may have compromised a client process and is now downloading or modifying corporate data. Even though we have corporate-wide access control over remote users, the access control approach is currently insufficient to stop these malicious processes. We have designed and implemented a novel system that empowers corporations to verify client integrity properties and establish trust upon the client policy enforcement before allowing clients (remote) access to corporate Intranet services. Client integrity is measured using a Trusted Platform Module (TPM), a new security technology that is becoming broadly available on client systems, and our system uses these measurements for access policy decisions enforced upon the client's processes. We have implemented a Linux 2.6 prototype system that utilizes the TPM measurement and attestation, existing Linux network control (Netfilter), and existing corporate policy management tools in the Tivoli Access Manager to control remote client access to corporate data. This prototype illustrates that our solution integrates seamlessly into scalable corporate policy management and introduces only a minor performance overhead.
Original language | English (US) |
---|---|
Pages (from-to) | 308-317 |
Number of pages | 10 |
Journal | Proceedings of the ACM Conference on Computer and Communications Security |
DOIs | |
State | Published - 2004 |
Event | Proceedings of the 11th ACM Conference on Computer and Communications Security, CCS 2004 - Washington, DC, United States Duration: Oct 25 2004 → Oct 29 2004 |
All Science Journal Classification (ASJC) codes
- Software
- Computer Networks and Communications