Publication


Featured research published by Tamleek Ali.


symposium on access control models and technologies | 2008

Model-based behavioral attestation

Masoom Alam; Xinwen Zhang; Mohammad Nauman; Tamleek Ali; Jean-Pierre Seifert

Remote attestation is an important characteristic of trusted computing technology which provides reliable evidence that a trusted environment actually exists. Existing approaches for the realization of remote attestation measure the trustworthiness of a target platform from its binaries, configurations, properties or security policies. All these approaches are low-level attestation techniques only, and none of them define what a trusted behavior actually is and how to specify it. In this paper, we present a novel approach where the trustworthiness of a platform is associated with the behavior of a policy model. In our approach, the behavior of a policy model is attested rather than a software or hardware platform. Thus, the attestation feature is not tied to a specific software or hardware platform, or to a particular remote attestation technique, or to an individual type of security policy. We select usage control (UCON) as our target policy model as it is a comprehensive and flexible model. We propose a framework to identify, specify, and attest different behaviors of UCON.


trust and trustworthy computing | 2009

Remote Attestation of Attribute Updates and Information Flows in a UCON System

Mohammad Nauman; Masoom Alam; Xinwen Zhang; Tamleek Ali

UCON is a highly flexible and expressive usage control model which allows an object owner to specify detailed usage control policies to be evaluated on a remote platform. Assurance of correct enforcement is mandatory for the establishment of trust on the remote platform claiming to implement UCON. Without such an assurance, there is no way of knowing whether the policies attached to the objects will be enforced as expected. Remote attestation, an important component of Trusted Computing, is highly suitable for establishing such an assurance. Existing approaches towards remote attestation work at a very coarse-grained level and mostly only measure binary hashes of the applications on the remote platform. Solutions at this level of abstraction cannot provide assurance to a challenger regarding behavior of a remote platform concerning enforcement of the owner's policies. In this paper, we provide a new remote attestation technique which allows a challenger to verify two important behaviors of a UCON system enforcing its policies. These two behaviors are the attribute update behavior and information flow behavior. Measuring, storing and reporting these behaviors in a trusted manner is described in detail and a mechanism for the verification of these behaviors against the original UCON policies is provided. The end result is a flexible and scalable technique for establishing trust on attribute updates and information flow behaviors of a remote UCON system.


secure web services | 2008

Behavioral attestation for web services (BA4WS)

Masoom Alam; Xinwen Zhang; Mohammad Nauman; Tamleek Ali

Service Oriented Architecture with underlying technologies like web services and web service orchestration opens new vistas for integration among business processes operating in heterogeneous environments. However, such dynamic collaborations require a highly secure environment at each respective business partner site. Existing web services standards address the issue of security only on the service provider platform. The partner platforms to which sensitive information is released have till now been neglected. Remote Attestation is a relatively new field of research which enables an authorized party to verify that a trusted environment actually exists on a partner platform. To incorporate this novel concept into the web services realm, a new mechanism called WS-Attestation has been proposed. This mechanism provides a structural paradigm upon which more fine-grained solutions can be built. In this paper, we present a novel framework, Behavioral Attestation for Web Services, in which XACML is built on top of WS-Attestation in order to enable more flexible remote attestation at the web services level. We propose a new type of XACML policy called XACML behavior policy, which defines the expected behavior of a partner platform. Existing web service standards are used to incorporate remote attestation at the web services level and a prototype is presented, which implements XACML behavior policy using low-level attestation techniques.


Telecommunication Systems | 2013

Using trusted computing for privacy preserving keystroke-based authentication in smartphones

Mohammad Nauman; Tamleek Ali; Azhar Rauf

Smartphones are increasingly being used to store personal information as well as to access sensitive data from the Internet and the cloud. Establishment of the identity of a user requesting information from smartphones is a prerequisite for secure systems in such scenarios. In the past, keystroke-based user identification has been successfully deployed on production-level mobile devices to mitigate the risks associated with naïve username/password based authentication. However, these approaches have two major limitations: they are not applicable to services where authentication occurs outside the domain of the mobile device—such as web-based services; and they often overly tax the limited computational capabilities of mobile devices. In this paper, we propose a protocol for keystroke dynamics analysis which allows web-based applications to make use of remote attestation and delegated keystroke analysis. The end result is an efficient keystroke-based user identification mechanism that strengthens traditional password protected services while mitigating the risks of user profiling by collaborating malicious web services. We present a prototype implementation of our protocol using the popular Android operating system for smartphones.


international conference on information security | 2010

TOKEN: Trustable Keystroke-Based Authentication for Web-Based Applications on Smartphones

Mohammad Nauman; Tamleek Ali

Smartphones are increasingly being used to store personal information as well as to access sensitive data from the Internet and the cloud. Establishment of the identity of a user requesting information from smartphones is a prerequisite for secure systems in such scenarios. In the past, keystroke-based user identification has been successfully deployed on production-level mobile devices to mitigate the risks associated with naive username/password based authentication. However, these approaches have two major limitations: they are not applicable to services where authentication occurs outside the domain of the mobile device – such as web-based services; and they often overly tax the limited computational capabilities of mobile devices. In this paper, we propose a protocol for keystroke dynamics analysis which allows web-based applications to make use of remote attestation and delegated keystroke analysis. The end result is an efficient keystroke-based user identification mechanism that strengthens traditional password protected services while mitigating the risks of user profiling by collaborating malicious web services.


ubiquitous computing | 2012

An Android runtime security policy enforcement framework

Hammad Banuri; Masoom Alam; Shahryar Khan; Jawad Manzoor; Bahar Ali; Yasar Khan; Mohsin Yaseen; Mir Nauman Tahir; Tamleek Ali; Quratulain Alam; Xinwen Zhang

Today, smartphone malware is deceptive enough to spoof itself as a legal mobile application. The front-end service of Trojans is attractive enough to deceive mobile users. Mobile users download similar malware without knowing its illegitimate background threat. Unlike other vendors, Android is an open-source mobile operating system, and hence, it lacks a dedicated team to analyze the application code and decide its trustworthiness. We propose an augmented framework for Android that monitors the dynamic behavior of an application during its execution. Our proposed architecture, called Security Enhanced Android Framework (seaf), validates the behavior of an application through its permissions exercising patterns. Based on the exercised permissions’ combination, the mobile user is intimated about the dangerous behavior of an application. We have implemented the proposed framework within the Android software stack and ported it to a device. Our initial investigation shows that our solution is practical enough to be used in the consumer market.


international conference on web services | 2009

Behavioral Attestation for Business Processes

Masoom Alam; Mohammad Nauman; Xinwen Zhang; Tamleek Ali; Patrick C. K. Hung

Service Oriented Architecture (SOA) is an architectural paradigm that enables dynamic composition of heterogeneous, independent, multi-vendor business services. A prerequisite for such inter-organizational workflows is the establishment of trustworthiness, which is mostly achieved through non-technical measures such as legislation, and/or social consent that businesses, or organizations simply pledge themselves to adhere. In our viewpoint, a business process can only be trustworthy if the behavior of all services in it is trustworthy. Trusted Computing Group (TCG) has defined an open set of specifications for the establishment of trustworthiness through a hardware root-of-trust. This paper has three objectives: firstly, the behavior of individual services in a business process is formally specified. Secondly, in order to overcome the inherent weaknesses of trust management through software alone, a hardware root-of-trust devised by the TCG is used for the measurement of the behavior of individual services in a business process. Finally, a verification mechanism is detailed through which the trustworthiness of a business process can be verified.


ieee international multitopic conference | 2007

An Accessible Formal Specification of the UML and OCL Meta-Model in Isabelle/HOL

Tamleek Ali; Mohammad Nauman; Masoom Alam

UML is the de-facto standard for system modeling. Due to its visual syntax and expressiveness, it is widely accepted and used in the industry. However, it is a semi-formal means of system specification and thus prone to inconsistencies. We believe that UML models need to be thoroughly verified because verification of UML models helps to find errors in the early system design. Object constraint language (OCL) somewhat alleviates this problem but is not always enough. Past attempts at formally specifying UML for verification include those based on simplistic Z specifications and the much more complex ones based on shallow embedding of UML and OCL in Higher Order Logic (HOL). All these approaches are either too simplistic or too complex for the software industry's purposes. In this paper, we formalize UML's class diagram and OCL constraints in the highly successful automated/interactive theorem prover Isabelle using one of its built-in logics, HOL. The aim is to create a formalization, which is accessible to the average software engineer while still being powerful enough to be able to prove consistency and other useful properties. The formalization, based on UML2.0 and OCL2.0, addresses all concepts related to class diagrams such as type definitions, attributes, operations, aggregation and association along with the syntax and semantics of OCL expressions in the context of UML class diagrams.


international conference on trusted systems | 2010

On leveraging stochastic models for remote attestation

Tamleek Ali; Mohammad Nauman; Xinwen Zhang

Remote attestation is an essential feature of Trusted Computing that allows a challenger to verify the trustworthiness of a target platform. Existing approaches towards remote attestation are largely static or too restrictive. In this paper, we present a new paradigm in remote attestation that leverages recent advancements in intrusion detection systems. This new approach allows the modeling of an application's behavior through stochastic models of machine learning. We present the idea of using sequences of system calls as a metric for our stochastic models to predict the trustworthiness of a target application. This new remote attestation technique enables detection of unknown and zero-day malware as opposed to the known-good and known-bad classification currently being used. We provide the details of challenges faced in the implementation of this new paradigm and present empirical evidence supporting the effectiveness of our approach.


international conference on information science and applications | 2010

Scalable, Privacy-Preserving Remote Attestation in and through Federated Identity Management Frameworks

Tamleek Ali; Mohammad Nauman; Muhammad Amin; Masoom Alam

Creating trustworthy online computing is an important open issue in security research. Trusted Computing aims to address this problem through the use of remote attestation but comes with its own baggage in the form of privacy concerns. Federated Identity Management Systems (FIDMSs), on the other hand, provide another form of trust but lack the ability to measure the integrity of platforms that they vouch for. We note that these two security architectures have reciprocal strengths and weaknesses and can be combined to create an architecture that addresses the concerns of both. In this paper, we propose an extended FIDMS in which the identity provider not only vouches for the identity of a user but also for her platform's integrity. In this way, we (a) allow a service provider to establish trust on a client platform's integrity without sacrificing privacy; and (b) create a feasible and scalable architecture for remote attestation. We describe our proposed architecture in the context of Shibboleth FIDMS and provide the details of the implementation of this system.

Collaboration

Top Co-Authors

Muhammad Ali
University of Veterinary and Animal Sciences

Sajid Anwar
National University of Computer and Emerging Sciences

Patrick C. K. Hung
University of Ontario Institute of Technology