Takuya Mishina

ws-Attestation: Enabling Trusted Computing on Web Services

This chapter proposes ws-Attestation, an attestation architecture based upon a Web Services framework. The increasing prevalence of security breaches caused by malicious software shows that the conventional identity-based trust model is insufficient as a protection mechanism. It is unfortunately common for a computing platform in the care of a trustworthy owner to behave maliciously. Zombie computers used to send spam being a common example.

Bridging the gap between inter-communication boundary and internal trusted components

Despite increasing needs for the coalition-based resource sharing, establishing trusted coalition of nodes in an untrusted computing environment is a long-standing yet increasingly important issue to be solved. The Trusted virtual domain (TVD) is a new model for establishing trusted coalitions over heterogeneous and highly decentralized computing environment. The key technology to enable TVD is the integrity assurance mechanism, which allows a remote challenger to verify the configuration and state of a node. A modern computer system consists of a multi-layer stack of software, such as a hypervisor, a virtual machine, an operating system, middleware, etc. The integrity assurance of software components is established by chains of assurance from the trusted computing base (TCB) at the lowest layer, while the communication interface provided by nodes should be properly abstracted at a higher layer to support interoperable communication and the fine-grained handling of expressive messages. To fill the gap between ”secure communication between nodes” and ”secure communication between trusted components”, a notion of ”Secure Message Router (SMR)”, domain-independent, easy to verify, multi-functional communication wrapper for secure communication is introduced in this paper. The SMR provides essential features to establish TVDs : end-to-end secure channel establishment, policy-based message translation and routing, and attestability using fixed clean implementation. A virtual machine-based implementation with a Web service interface is also discussed.

Layering negotiations for flexible attestation

Recently, much attention has been paid to research on distributed coalitions that establish trust among the members of groups of computing components in distributed environments. The Trusted Virtual Domains (TVD) that our research division is proposing is a new model of a distributed coalition for establishing multiple trusted coalitions of components on nodes in distributed heterogeneous environments. In a large-scale distributed computing environment where many kinds of components exist and there might be difficult situations to agree common attestation methods among all components beforehand, it is necessary to provide each component with flexible attestation according to its usage scenario for increasing the number of components that can participate in TVD.In this paper, we propose a layering negotiation approach. It divides an attestation process into a global attestation phase that verifies that a TVD is fundamentally secure and supporting essential trusted primitives and a local attestation phase that verifies the integrity of a specific component involved in a usage scenario. And, a combination of attestation methods is decided as a result of negotiation between the components for each kind of attestation at each phase. With our approach, the attestation corresponding to a usage scenario can be done flexibly based on the minimal required attestation needed in the TVD, so the component developers can concentrate on the implementation of the higher-level functions.

Fine-grained sticky provenance architecture for office documents

Current business situations require improved confidentiality and integrity for office documents. However, existing content management systems for office documents lack required security properties such as the *-property, or have problems such as label creep. In this paper we propose a meta-data format called sticky provenance and a fine-grained information flow control architecture using the sticky provenance. The sticky provenance contains the change history and the labels of an office document in a secure form, and it ensures the verifiability of the change history of the documents in distributed environments. The Provenance Manager, which is a key module of the architecture, reduces the label creep problem of the information flow control models with the sticky provenance. In other words, the sticky provenance and the Provenance Manager can introduce a practical fine-grained information flow control capability to office applications so that we can ensure both the confidentiality and the verifiability of office documents.

Language Translation Tools Drive Productivity Improvements for Global Delivery of Services

Efficient utilization of global resources is crucial for globally integrated enterprises to improve their business performance. Rising costs of language translation by professional translators are inhibiting the growth of global delivery of services from and to countries and geographies where most documents need to be translated. The quality levels of current machine translation engines are inadequate for such business processes, since translation errors may cause significant business problems. Human-quality translations are needed, and we need tools for enhancing these human translation efforts. We have developed an architecture and some tools to help people create translations more efficiently. The framework provides tools for interactively creating translations by aggregating the information necessary for translating the documents, for checking the quality of the source documents to be translated, and for effectively gathering translation-related resources from existing documents. We conducted several experiments to evaluate the performance of the tools, and confirmed that the framework and tools are valuable in assisting human translation work.