Aslam, Mudassar and Gehrmann, Christian and Björkman, Mats (2013) Continuous Security Evaluation and Auditing of Remote Platforms by Combining Trusted Computing and Security Automation Techniques. In: The 6th International Conference on Security of Information and Networks, November 26-28, 2013, Aksaray/Turkey. (In Press)
Full text not available from this repository.
In new distributed systems paradigms like cloud computing, the security of the host platforms is very critical. The platform administrators use security automation techniques to ensure that the outsourced platforms are set up correctly and follow the security recommendations. However, the remote platform users still have to trust the platform owner. The third party security audits, used to shift the required user trust from the platform owner to a trusted entity, are scheduled and are not very frequent to deal with the daily reported vulnerabilities. In this paper we propose a continuous remote platform evaluation mechanism to be used by the remote entity to increase the platform user trust. We analyze the existing SCAP and trusted computing (TCG) standards for our solution, identify their shortcomings, and suggest ways to integrate them. Our proposed platform security evaluation framework uses the TCG-SCAP synergy to address the limitations of each technology when used separately.
|Item Type:||Conference or Workshop Item (Paper)|
|Deposited By:||Mudassar Aslam|
|Deposited On:||26 Aug 2013 12:51|
|Last Modified:||26 Aug 2013 12:51|
Repository Staff Only: item control page