Title :
Flexible Attestation of Policy Enforcement for Sensitive Dataflow Leakage Prevention
Author :
Yu Rong-wei ; Wang Li-na ; Ma Xiao-yan ; Ke Jin
Author_Institution :
Sch. of Comput., Wuhan Univ., Wuhan, China
Abstract :
With data leakage now a serious problem in many enterprises, sensitive dataflow protection based on Trusted Virtual Domains (TVD) has gradually attracted attention. Remote attestation among two or more entities across trusted virtual domains is an important means of safeguarding sensitive dataflow, but existing schemes cannot satisfy the higher requirements for flexibility and security in a sensitive dataflow leakage prevention environment. Based on behavior compliance, this paper proposes a flexible, behavior-based attestation of compliance with and enforcement of security policies for data leakage prevention, which applies to both inter-domain and intra-domain settings. In our attestation, the unified behavior of the policy model is attested rather than that of any individual security policy. The advantage of this approach is that it is not tied to any specific type of security policy, and it addresses verification when the security policies in two individual virtual domains are inconsistent.
Keywords :
security of data; remote attestation; security policy compliance; security policy enforcement; sensitive dataflow leakage protection; trusted virtual domains; Access control; Computer networks; Computer science education; Computer security; Data security; Fluid flow measurement; Information security; Kernel; Laboratories; Protection; dataflow leakage prevention; remote attestation; security policy; trusted computing;
Conference_Title :
Multimedia Information Networking and Security, 2009. MINES '09. International Conference on
Conference_Location :
Hubei
Print_ISBN :
978-0-7695-3843-3
Electronic_ISBN :
978-1-4244-5068-8
DOI :
10.1109/MINES.2009.166