Project Overview
Trusted Virtual Domains (TVDs) represent a new model for achieving IT and business security. TVDs address critical heterogeneity and complexity issues in existing models, they provide quantifiable security and operational management for business and IT services, and they simplify overall containment and trust management in large distributed systems.
The key innovation in TVDs is a focus on the overall security goals required within service domains (collections of complete systems that work together to provide a service), as opposed to point hardware and software solutions. This emphasis on satisfying service-oriented goals is a step toward enabling the flexible deployment of secure services in on-demand environments.
Within a TVD, high-level security and operational policy statements are systematically mapped into the configuration of the individual hardware and software components that together perform a service. For example, a TVD for a payroll-processing service would transform business-level policy statements such as "Employees' personal information in HR records must only be disclosed to authorized parties" into platform-specific directives for information flow and access control. These directives are then used to configure the protected execution environments that host the HR information service.
The TVD model represents a departure from the design of many conventional secure operational models. For example, TVDs are designed to provide an explicit and autonomously measurable quantification of whether the overall security goals are achieved, prior to (or during) the processing of a service. The application developer is relieved from the burden of implementing and verifying security-related functions for service processing, such as the creation of protected communication channels, as such functions are provided by the TVD infrastructure. Also, the specification of security goals in TVDs proceeds according to the requirements of the application or service to be run, instead of being individually specified on a per-user or per-system basis.
Project Scope
The major goals of our project are:
- to design and implement a supporting infrastructure for Trusted Computing;
- to model and design Trusted Virtual Domains, an advanced security architecture that leverages the power of Trusted Computing; and
- to promote Trusted Computing to Japanese academia and industry.
The deliverables include a new theoretical model, a repository of vulnerability information, an evaluation and management service, and an overall trust management process to support Trusted Computing in the real world.
The notion of "integrity attestation", as defined by the Trusted Computing Group (TCG), allows a remote challenger to verify the precise configuration and state of a computing platform in a reliable way. This mechanism enhances the assurance of distributed computation through strong protection against network viruses and malware and early detection of compromised systems. We are developing an infrastructure and a unified model for integrity attestation.
Currently, we are closely collaborating with the Watson Research Center (WRC) and the Zurich Research Lab (ZRL) in these areas. Part of this project is supported by the Japanese Ministry of Economics, Trade and Industry (METI).
Validation Service
The Validation Service provides the semantics corresponding to the measurement of system integrity. The user of this service can request the integrity measurement values from the target remote system and then ask the validation service whether the target system provides assurance of the required security properties under a given security policy. This mechanism allows heterogeneous nodes to construct trust relationships in a decentralized trust model.

- Architecture Design for Validation Service:
We define the architecture of the Validation Service, which includes:
- Trust evaluation scheme: Our validation service employs a finer-grained evaluation rather than a binary decision (trusted or not trusted), where the evaluation indicates compliance with specific security requirements.
- Information sources for evaluation: We identify the potential data sources for security assurance evaluation, such as vendors and the agencies that provide vulnerability information, and design an interoperable way to integrate these sources.
- Design and Implementation of Integrity Collection System: We are developing a mechanism for the automatic collection of integrity information from various kinds of data sources, including periodic Web crawling and submissions from the information providers.
Establishing Security Model for Trusted Virtual Domain

- Design of Security Policy Model for Trusted Virtual Domain :
TVD is a proposal for a new security model for heterogeneous, decentralized environments. Its security is based on security property validation and strong isolation. The security policy that governs a trusted virtual domain describes how the domain should be managed, including the membership qualifications, such as system configuration (e.g., OS version), system management (e.g., ISMS certification), security mechanisms (e.g., biometrics, key length and encryption algorithm) and access control policy. We are developing a unified approach for handling diverse types of security policy in heterogeneous, decentralized computing environments by using security property assurance validation and a strong isolation mechanism.
- Design and Implementation for Run-time Execution Environment for Trusted Virtual Domain:
We are developing a prototype of a physical node that provides the functionality necessary to become a member of a TVD, which includes 1) joining multiple domains simultaneously while providing strong isolation between domains, 2) enforcing the domain-wide policy on every local event, and 3) verifying whether other nodes in the same domain conform to the domain-wide policy.
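The following is an added illustration, not code from the project, of the two ideas above: the Validation Service's finer-grained evaluation (a per-property verdict instead of a single trusted/untrusted bit) and TVD membership qualification (OS version, key length, cipher, ISMS certification). The reference values, the policy thresholds and the measurement logs are all constructed for the example.

```python
import hashlib

def sha1(data: bytes) -> str:
    """Digest helper; TPM 1.2-era measurement logs are SHA-1 based."""
    return hashlib.sha1(data).hexdigest()

# Constructed reference values (hypothetical): a measured component hash is
# mapped to the security-relevant attributes that the component attests to.
# In the project this table is fed by vendors and vulnerability-information providers.
REFERENCE_DB = {
    sha1(b"kernel-2.6.17"):      {"os_version": (2, 6, 17)},
    sha1(b"kernel-2.6.9"):       {"os_version": (2, 6, 9)},
    sha1(b"tls-aes256-rsa2048"): {"cipher": "AES-256", "key_length": 2048},
    sha1(b"tls-des-rsa1024"):    {"cipher": "DES", "key_length": 1024},
}

# Constructed domain-wide policy (hypothetical thresholds): property -> predicate.
PAYROLL_TVD_POLICY = {
    "os_version":     lambda v: v >= (2, 6, 12),
    "key_length":     lambda v: v >= 2048,
    "cipher":         lambda v: v in {"AES-128", "AES-256"},
    "isms_certified": lambda v: v is True,
}

def resolve(measurements):
    """Map each (component, digest) pair to attested attributes; unknown digests are reported."""
    attrs, unknown = {}, []
    for component, digest in measurements:
        ref = REFERENCE_DB.get(digest)
        if ref is None:
            unknown.append(component)
        else:
            attrs.update(ref)
    return attrs, unknown

def validate(measurements, policy):
    """Per-property verdict: satisfied / violated / unknown (no component attests to it)."""
    attrs, unknown = resolve(measurements)
    props = {}
    for prop, predicate in policy.items():
        if prop not in attrs:
            props[prop] = "unknown"
        else:
            props[prop] = "satisfied" if predicate(attrs[prop]) else "violated"
    return {"properties": props, "unknown_components": unknown}

# Constructed measurement logs from two candidate nodes.
NODE_A = [("kernel", sha1(b"kernel-2.6.17")), ("tls", sha1(b"tls-aes256-rsa2048"))]
NODE_B = [("kernel", sha1(b"kernel-2.6.9")), ("tls", sha1(b"tls-des-rsa1024")),
          ("agent", sha1(b"unknown-build"))]

if __name__ == "__main__":
    print(validate(NODE_A, PAYROLL_TVD_POLICY))
    print(validate(NODE_B, PAYROLL_TVD_POLICY))
```

Note that an unmeasured property (ISMS certification here) yields "unknown" rather than a failure, which is what lets a domain policy distinguish missing evidence from a violated requirement.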
Events
- The 1st workshop on Advanced Trusted Computing (Tokyo, March 9th, the Tokyo Kohsei-nenkin Kaikan.)
The first workshop on Advanced Trusted Computing was successfully held in Tokyo on March 9th at the Tokyo Kohsei-nenkin Kaikan. This workshop was part of our research activity on the next-generation information security research project of the Ministry of Economics, Trade and Industry (METI). Trusted computing is one of the most promising technologies in the IT security area, and more than 80 people attended the workshop. Four technical lectures were given by domain experts from Germany, Switzerland (IBM Zurich Research Lab), England, and the U.S.A. (IBM Watson Research Center), and we had a very interesting panel discussion with active participation by the audience. Presentation packages are now available on the workshop page (http://www.research.ibm.com/trl/news/workshop/index_en.html).
Publications
- Yasuharu Katsuno, Yuji Watanabe, Sachiko Yoshihama, Takuya Mishina and Michiharu Kudoh, Layering Negotiations for Flexible Attestation, to appear in The First ACM Workshop on Scalable Trusted Computing (STC’06), ACM Press, October, 2006.
- Yuji Watanabe, Yasuharu Katsuno, Sachiko Yoshihama, Takuya Mishina and Michiharu Kudo, Secure Routing Mechanism for Trusted Virtual Domain and Its Application (in Japanese), to appear in Computer Security Symposium (CSS2006), October 2006.
- Sachiko Yoshihama, Michiharu Kudoh and Kazuko Oyanagi, Information Flow Control for Java with Inline Reference Monitors (in Japanese), to appear in Computer Security Symposium (CSS2006), October 2006.
- Yuji Watanabe, Sachiko Yoshihama, Takuya Mishina, Michiharu Kudo and Hiroshi Maruyama, Bridging the Gap between Inter-Communication Boundary and Internal Trusted Components, to appear in the 11th European Symposium on Research in Computer Security (ESORICS 2006), Lecture Notes in Computer Science, Vol. 4189, Springer, September 2006.
- Yuji Watanabe, Sachiko Yoshihama, Takuya Mishina, Michiharu Kudoh, Security Assurance Model for Software-Execution Environment Using Trust Management, in the Proceedings of the 2006 Symposium on Cryptography and Information Security (SCIS2006), Jan. 17-20, 2006, Hiroshima, Japan.
- Megumi Nakamura, Seiji Munetoh, Sachiko Yoshihama, Efficiency Improvement of Integrity Verification for Thin Client, in the Proceedings of the 2006 Symposium on Cryptography and Information Security (SCIS2006), Jan. 17-20, 2006, Hiroshima, Japan.
- Sachiko Yoshihama, Platform Trust Based Access Control Framework, in the Proceedings of the 2006 Symposium on Cryptography and Information Security (SCIS2006), Jan. 17-20, 2006, Hiroshima, Japan.
- A. Bussani, J. L. Griffin, B. Jansen, K. Julisch, G. Karjoth, H. Maruyama, M. Nakamura, R. Perez, M. Schunter, A. Tanner, L. Van Doorn, E. A. Van Herreweghen, M. Waidner, S. Yoshihama, Trusted Virtual Domains: Secure Foundations for Business and IT Services (Whitepaper, RC23792), November 9, 2005.
- S. Yoshihama, M. Nakamura, K. Sorensen, S. Munetoh, Thin Clean Client, IBM Research Report RT0631.
- S. Yoshihama, T. Ebringer, M. Nakamura, S. Munetoh, H. Maruyama, WS-Attestation: Efficient and Fine-Grained Remote Attestation on Web Services, in the Proceedings of the 2005 IEEE International Conference on Web Services (ICWS 2005), July 11-15, 2005, Orlando, Florida, USA.
Links
- Trusted Virtual Domain - http://www.research.ibm.com/ssd_tvd
- OpenTC - http://www.opentc.net/
- Trusted Computing Group (TCG) - http://www.trustedcomputinggroup.org/
- Trusted Mobile Platform - http://www.trusted-mobile.org
- IPEC - http://www.jesap.org/ipec/
- IBM Research Security Page - http://www.research.ibm.com/compsci/project_spotlight/security/
