Lookup NU author(s): Emeritus Professor Santosh Shrivastava
Full text for this publication is not currently held within this repository. Alternative links are provided below where available.
Web services and service oriented architectures are becoming the de facto standard for Internet computing. A main problem faced by users of such services is how to ensure that the service code is trusted. While methods that guarantee trusted service code execution before starting a client-service transaction exist, there is no solution for extending this assurance to the entire lifetime of the transaction. This paper presents Satem, a Service-aware trusted execution monitor that guarantees the trustworthiness of the service code across a whole transaction. The Satem architecture consists of an execution monitor residing in the operating system kernel on the service provider platform, a trust evaluator on the client platform, and a service commitment protocol. During this protocol, executed before every transaction, the client requests and verifies against its local policy a commitment from the service platform that promises trusted code execution. Subsequently, the monitor enforces this commitment for the duration of the transaction. To initialize the trust on the monitor, we use the Trusted Platform Module specified by the Trusted Computing Group. We implemented Satem under the Linux 2.6.12 kernel and tested it for a web service and DNS. The experimental results demonstrate that Satem does not incur significant overhead to the protected services and does not impact the unprotected services.
Author(s): Shrivastava S
Publication type: Conference Proceedings (inc. Abstract)
Publication status: Published
Conference Name: 25th Symposium on Reliable Distributed Systems
Year of Conference: 2006
Library holdings: Search Newcastle University Library for this item
Series Title: IEEE Conference Proceedings