Skip to main content

Project Overview

Trusted Virtual Domains (TVDs) represent a new model for achieving IT and business security. TVDs address critical heterogeneity and complexity issues in existing models, they provide quantifiable security and operational management for business and IT services, and they simplify overall containment and trust management in large distributed systems.

The key innovation in TVDs is a focus on overall security goals required within service domains collections of complete systems that work together to provide a service as opposed to point hardware and software solutions. This emphasis on satisfying service-oriented goals is a step toward enabling the flexible deployment of secure services in on demand environments.

Within a TVD, high-level security and operational policy statements are systematically mapped into the configuration of the individual hardware and software components that together perform a service. For example, a TVD for a payroll-processing service would transform business-level policy statements such as "Employees" personal information in HR records must only be disclosed to authorized parties into platform-specific directives for information flow and access control. These directives are then used to configure the protected execution environments that host the HR information service.

The TVD model represents a departure from the design of many conventional secure operational models. For example, TVDs are designed to provide an explicit and autonomously measurable quantification of whether the overall security goals are achieved, prior to (or during) the processing of a service. The application developer is relieved from the burden of implementing and verifying security-related functions for service processing, such as the creation of protected communication channels, as such functions are provided by the TVD infrastructure. Also, the specification of security goals in TVDs proceeds according to the requirements of the application or service to be run, instead of being individually specified on a per-user or per-system basis.

Project Scope

The major goals of our project are:

The deliverables include a new theoretical model, a repository of vulnerability information, an evaluation and management service, and an overall trust management process to support Trusted Computing in the real world.

The notion of "integrity attestation", which is defined in the Trusted Computing Group (TCG), allows remote challenger to verify precise configuration and state of a computing platform in a reliable way. This mechanism enhances the assurance for distributed computation through strong protection to network viruses and malware, early detection to compromised system. We are developing an infrastructure and unified model for the integrity attestation.

Currently, we are closely collaborating with Watson Research Center (WRC) and Zurich Research Lab(ZRL) in these areas. Part of this project is supported by the Japanese Ministry of Economics, Trade and Industry (METI).

Validation Service

Validation Service provides the semantics corresponding to the measurement of the system integrity. The user of this service can request the value of integrity measurement from the target remote system and then ask the validation service if the target system provides assurance of the security properties under certain security policy. This mechanism allows heterogeneous nodes to construct trust relationship in a decentralized trust model.

Validation Service

Establishing Security Model for Trusted Virtual Domain

Validation Service provides the semantics corresponding to the measurement of the system integrity. The user of this service can request the value of integrity measurement from the target remote system and then ask the validation service if the target system provides assurance of the security properties under certain security policy. This mechanism allows heterogeneous nodes to construct trust relationship in a decentralized trust model.

Trusted Virtual Domain Model

Events

Events

Publications

Duis autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore eu feugiat nulla facilisis at vero eros et accumsan et iusto odio dignissim qui blandit praesent luptatum zzril delenit augue duis dolore te feugait nulla facilisi.

Links

Duis autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore eu feugiat nulla facilisis at vero eros et accumsan et iusto odio dignissim qui blandit praesent luptatum zzril delenit augue duis dolore te feugait nulla facilisi.