Grawrock / Vishik / Reimer Future of Trust in Computing
2009
ISBN: 978-3-8348-9324-6
Verlag: Vieweg & Teubner
Format: PDF
Kopierschutz: 1 - PDF Watermark
Proceedings of the First International Conference Future of Trust in Computing 2008
E-Book, Englisch, 227 Seiten, eBook
ISBN: 978-3-8348-9324-6
Verlag: Vieweg & Teubner
Format: PDF
Kopierschutz: 1 - PDF Watermark
The concept of trust is related to many aspects of our daily lives, and different stakeholders use the term 'trust' in various contexts. Trust is crucial in today's information societies for ensuring success of digital economies in all countries and regions. This book contains papers that were presented at the conference 'Future of Trust in Computing' and brings together academics, regulators, technologists, and practitioners working in diverse areas of trust from various parts of the world. The authors discuss issues they are facing and begin to form a common framework. Security and privacy threats and remedies, core trust-enforcing technologies, innovative applications, regulatory issues, privacy and usability, economics as well as provable security and assurance are discussed. Finally, a number of papers touch upon innovative approaches to trust that begin to define new fields of research and innovative types of technologies.
David Grawrock is a Senior Principal Engineer and Security Architect for the Initiatives, Technology Pathfinding and Planning group at Intel Corp (USA).
Helmut Reimer is Senior Partner at TeleTrusT Deutschland e.V.
Ahmad-Reza Sadeghi is the Head of System Security Group at Horst Goertz Institute for IT Security at Ruhr-University Bochum, Germany.
Claire Vishik is Security & Privacy Standards & Policy Manager at Intel Corp (UK).
Zielgruppe
Professional/practitioner
Autoren/Hrsg.
Weitere Infos & Material
1;Contents;6
2;Foreword;9
3;Session 1:Security Environmentand Threats;10
3.1;Study on Information Security and e-Trust in Spanish households;11
3.1.1;1 Objectives;11
3.1.2;2 Methodological design;12
3.1.3;3 Main results;17
3.1.4;4 Conclusion;22
4;Session 2: Technical Issues with Trust in Computing and Proposed Solutions;23
4.1;Implementing a Portable Trusted Environment;24
4.1.1;1 Introduction;24
4.1.2;2 A Trusted Medical Application;25
4.1.3;3 The Trust Extension Device;27
4.1.4;4 TED Application: Trusted Email Client;32
4.1.5;5 Conclusions;35
4.2;New Directions for Hardware-assistedTrusted Computing Policies(Position Paper);37
4.2.1;1 Introduction;37
4.2.2;2 Policy Engineering;39
4.2.3;3 Traps and Security;40
4.2.4;4 Proposed Hardware Features;42
4.2.5;5 Self-healing Perspective;43
4.2.6;6 Conclusion;43
4.2.7;7 Acknowledgements;44
4.3;Smart Cards and remote entrusting;45
4.3.1;1 Introduction;45
4.3.2;2 Remote Entrusting;46
4.3.3;3 The USB Smart Card;48
4.3.4;4 Levels of Trust;49
4.3.5;5 Limitations;51
4.3.6;6 Conclusion;52
5;Session 3: Designing for the Future:New Approaches;53
5.1;Future Threats to Future Trust;54
5.1.1;1 The Forward workshops and threats on the net;54
5.1.2;2 Trust in critical and large-scale systems;55
5.1.3;3 Fraud and the lack of trust;57
5.1.4;4 Malware;58
5.1.5;5 Concluding remarks;59
5.1.6;6 Acknowledgements;59
5.2;Trusted Trustworthy ProofPosition Paper;60
5.2.1;1 The Security Challenge;60
5.2.2;2 Trust and Trustworthiness;61
5.2.3;3 Requirements;62
5.2.4;4 Can it be Achieved?;63
5.2.5;5 Cost;63
5.2.6;6 Conclusions;64
5.3;An ongoing Game of Tetris:Integrating Trusted Computing in Java,block-by-block;65
5.3.1;1 Introduction;65
5.3.2;2 The Pieces of the Game;67
5.3.3;3 Conclusions and Outlook;71
5.4;TrustCube: An Infrastructure thatBuilds Trust in Client;73
5.4.1;1 Introduction;73
5.4.2;2 Related Works;74
5.4.3;3 TrustCube Infrastructure;77
5.4.4;4 Conclusion and Future Works;84
6;Session 4: Obtaining Trust and Modeling Trust Environments;85
6.1;Trust-based Information Sharing in Collaborative Communities: Issues and Challenges;86
6.1.1;1 Introduction;86
6.1.2;2 State of the art;88
6.1.3;3 Access control requirements;89
6.1.4;4 Trust-based Information Sharing;90
6.1.5;5 Privacy-aware Access Control;92
6.1.6;6 Trust Modelling, Computation and Protection;93
6.1.7;7 Conclusion;94
6.2;Can Economics Provide Insights into Trust Infrastructure?;96
6.2.1;1 Introduction;96
6.2.2;2 Problem Statement;97
6.2.3;3 Verification and Authentication Infrastructure;98
6.2.4;4 Exchange Economies, Monetary Economies and Asymmetric Information;99
6.2.5;5 Are Models and Approaches of Theoretical Economics Applicable to This Context?;101
6.2.6;6 Conclusions;103
6.3;Reviewing Privacy during Design – Voluntary Technology Dialogue System;105
6.3.1;1 Project Description;105
6.3.2;2 Voluntary Technology Dialogue System;106
6.3.3;3 Conclusion - policy relevance and market impact;109
7;Session 5: Applications: Trustin Health Systems;112
7.1;Trust and Privacy in Healthcare;113
7.1.1;1 Introduction;113
7.1.2;2 Trust in the Healthcare system;114
7.1.3;3 Risk positions in data-sharing;116
7.1.4;4 Risk Appraisal model;117
7.1.5;5 Overall attitude to Data-sharing;120
7.1.6;6 Evidence from the literature;120
7.1.7;7 Effect of countermeasures to reduce risk and improve trust;121
7.1.8;8 Conclusions;122
7.2;Protecting Patient Records from Unwarranted Access;124
7.2.1;1 Introduction;124
7.2.2;2 The Electronic Patient Record System;125
7.2.3;3 Protecting Patient Records;126
7.2.4;4 Related Work;128
7.2.5;5 Conclusion;129
7.3;Challenges in Data QualityAssurance in PervasiveHealth Monitoring Systems;131
7.3.1;1 Introduction;131
7.3.2;2 Use cases;132
7.3.3;3 Data Quality;134
7.3.4;4 Challenges;136
7.3.5;5 Related Work;140
7.3.6;6 Summary;142
8;Session 6: Future of Trust: New Models for Network, Device and Infrastructure Security;145
8.1;Towards one PC for systems with different security levels;146
8.1.1;1 Introduction;146
8.1.2;2 Virtualization;148
8.1.3;3 Hypervisor architecture;148
8.1.4;4 Hardware trends;150
8.1.5;5 Conclusion;151
8.2;Trust Relationships in Networked Context Aware Systems;153
8.2.1;1 Context Aware Systems;153
8.2.2;2 Trust Relationships;154
8.2.3;3 Trust with Networked Context Aware Systems;155
8.2.4;4 Dilemmas with Client Side Optimization;156
8.2.5;5 Dilemmas with Server Side Optimization;156
8.2.6;6 Challenges in Building Trust;157
8.2.7;7 Conclusion;157
8.3;Towards Trusted Network Access Control;158
8.3.1;1 Motivation;158
8.3.2;2 Introduction to Trusted Network Connect;159
8.3.3;3 tNAC – Trusted Network Access Control;165
8.3.4;4 Conclusion;167
9;Session 7: Usability;169
9.1;User-Friendly and Secure TPM-based Hard Disk Key Management;170
9.1.1;1 Problem Description;170
9.1.2;2 Solutions;171
9.1.3;3 Protecting System Integrity;174
9.1.4;4 Discussion;175
9.1.5;5 Conclusion;176
9.2;Requirements and Design Guidelines for a Trusted Hypervisor Interface;177
9.2.1;1 Introduction;177
9.2.2;2 Usage Scenarios;178
9.2.3;3 Requirements Analysis;179
9.2.4;4 Related Work;181
9.2.5;5 Design Conclusions;183
9.2.6;6 Outlook;187
10;Session 8: TCG Technology: Issues and Applications;189
10.1;Offline dictionary attack on TCG TPM weak authorisation data, and solution;190
10.1.1;1 Introduction;190
10.1.2;2 The Offline dictionary attack;191
10.1.3;3 Password-based key agreement;191
10.1.4;4 Solving the offline authData attack;192
10.1.5;5 Integration with TPM command architecture;193
10.1.6;6 Conclusion;193
10.2;Trusted Virtual Disk Images;194
10.2.1;1 Introduction;194
10.2.2;2 Related Work;195
10.2.3;3 Background;195
10.2.4;4 Trusted Vitual Disk Images;197
10.2.5;5 Life cycle;201
10.2.6;6 Conclusion;203
10.2.7;7 Future Work;203
10.3;Shall we trust WDDL?;205
10.3.1;1 Introduction;205
10.3.2;2 Timing Analysis of Differential Logic;207
10.3.3;3 Practical Test on DES WDDL Implemented in an Altera Stratix EP1S25 FPGA;209
10.3.4;4 Conclusion;210
10.4;Trusted Computing Management Server Making Trusted Computing User Friendly;213
10.4.1;1 Motivation;213
10.4.2;2 Managing and operation tasks for TC platforms;214
10.4.3;3 The Solution: Centralized and integrated Trusted;215
10.4.4;Computing and TPM management by a server.;215
10.4.5;4 Conclusion;218
11;Index;219
Security Environment and Threats.- Study on Information Security and e-Trust in Spanish households.- Technical Issues with Trust in Computing and Proposed Solutions.- Implementing a Portable Trusted Environment.- New Directions for Hardware-assisted Trusted Computing Policies (Position Paper).- Smart Cards and remote entrusting.- Designing for the Future: New Approaches.- Future Threats to Future Trust.- Trusted ? Trustworthy ? Proof Position Paper.- An ongoing Game of Tetris: Integrating Trusted Computing in Java, block-by-block.- TrustCube: An Infrastructure that Builds Trust in Client.- Obtaining Trust and Modeling Trust Environments.- Trust-based Information Sharing in Collaborative Communities: Issues and Challenges.- Can Economics Provide Insights into Trust Infrastructure?.- Reviewing Privacy during Design – Voluntary Technology Dialogue System.- Applications: Trust in Health Systems.- Trust and Privacy in Healthcare.- Protecting Patient Records from Unwarranted Access.- Challenges in Data Quality Assurance in Pervasive Health Monitoring Systems.- Future of Trust: New Models for Network, Device and Infrastructure Security.- Towards one PC for systems with different security levels.- Trust Relationships in Networked Context Aware Systems.- Towards Trusted Network Access Control.- Usability.- User-Friendly and Secure TPM-based Hard Disk Key Management.- Requirements and Design Guidelines for a Trusted Hypervisor Interface.- TCG Technology: Issues and Applications.- Offline dictionary attack on TCG TPM weak authorisation data, and solution.- Trusted Virtual Disk Images.- Shall we trust WDDL?.- Trusted Computing Management Server Making Trusted Computing User Friendly.
