Software and Hardware Certification Techniques in a Combined Certification Model

Antonio Muñoz, Antonio Maña

2014

Abstract

Certification has been proved as an essential mechanism for achieving different security properties in new systems. However, it has important advantages; among which we highlighted the increasing in users trust by means of attesting security properties, but it is important to consider that in most of cases the system that is subject of certification is considered to be monolithic, and this feature implies that existing certification schemes do not provide support for dynamic changes of components as required in Cloud Computing running systems. One issue that has special importance of current certification schemes is that these refer to a particular version of the product or system, which derives that changes in the system structure require a process of recertification. This paper presents a solution based on a combination of software certification and hardware-based certification techniques. As a key element in our model we make use of the Trusted Computing functionalities as secure element to provide mechanisms for the hardware certification part. Likewise, our main goal is bringing the gap existing between the software certification and the means for hardware certification, in order to provide a solution for the whole system certification using Trusted Computing technology.

References

  1. Al-Moayed, A. and Hollunder, B. (2010). Quality of service attributes in web services. In 5th International Conference on Software Engineering Advances. IEEE.
  2. Anisetti, M., Ardagna, C., and Damiani, E. (2011). Finegrained modeling of web services for testbased security certification. In 8th International Conference on Service Computing. IEEE.
  3. Coker, G., Guttman, J., Loscocco, P., Herzog, A., Millen, J., OHanlon, B., Ramsdell, J., Segall, A., Sheehy, J., and Sniffen, B. (2008). Principles of remote attestation. In special issue of the 10th International Conference on Information and Communications Security. SpringerVerlag.
  4. Damiani, E., Ardagna, C., and Ioini, N. E. (2008). Open source security certification. Springer-Verlag.
  5. Damiani, E. and na, A. M. (2009). Toward ws-certificate. In ACM Workshop on Secure Web Services. ACM.
  6. Grobauer, B., Walloschek, T., and Stocker, E. (2011). Understanding cloud computing vulnerabilities. In Security & Privacy. IEEE.
  7. Haldar, V., Chandra, D., and Franz, M. (2004). Semantic remote attestation: a virtual machine directed approach to trusted computing. In 3rd conference on Virtual Machine Research And Technology Symposium. ACM.
  8. Khan, K. and Malluhi, Q. (2010). Establishing trust in cloud computing. In IT Professional. IT Professional.
  9. Rajendran, T., Balasubramanie, P., and Cherian, E. (2010). An efficient ws-qos broker based architecturefor web services selection. In International Journal of Computer Applications. International Journal of Computer Applications.
  10. Ran, S. (2003). A model for web services discovery with qos. In ACM SIGecom Exchanges. ACM.
  11. Serhani, M., Dssouli, R., Hafid, A., and Sahraoui, H. (2005). A qos broker based architecture for efficient web services selection. In IEEE International Conference on Web Services. IEEE.
  12. TCG (2014). Trusted Computing Group: TCG Specifications. Trusted Computing Group.
Download


Paper Citation


in Harvard Style

Muñoz A. and Maña A. (2014). Software and Hardware Certification Techniques in a Combined Certification Model . In Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014) ISBN 978-989-758-045-1, pages 405-410. DOI: 10.5220/0005098204050410


in Bibtex Style

@conference{secrypt14,
author={Antonio Muñoz and Antonio Maña},
title={Software and Hardware Certification Techniques in a Combined Certification Model},
booktitle={Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014)},
year={2014},
pages={405-410},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005098204050410},
isbn={978-989-758-045-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014)
TI - Software and Hardware Certification Techniques in a Combined Certification Model
SN - 978-989-758-045-1
AU - Muñoz A.
AU - Maña A.
PY - 2014
SP - 405
EP - 410
DO - 10.5220/0005098204050410