Visible to the public Distributed Usage Control Enforcement Through Trusted Platform Modules and SGX Enclaves

TitleDistributed Usage Control Enforcement Through Trusted Platform Modules and SGX Enclaves
Publication TypeConference Paper
Year of Publication2018
AuthorsWagner, Paul Georg, Birnstill, Pascal, Beyerer, Jürgen
Conference NameProceedings of the 23Nd ACM on Symposium on Access Control Models and Technologies
PublisherACM
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-5666-4
KeywordsAccess Control, composability, pubcrawl, Resiliency, secure remote computation, SGX, Trusted Platform Module, Trusted Platfrom Modules, Trusted Reference Monitor, usage control
AbstractIn the light of mobile and ubiquitous computing, sharing sensitive information across different computer systems has become an increasingly prominent practice. This development entails a demand of access control measures that can protect data even after it has been transferred to a remote computer system. In order to address this problem, sophisticated usage control models have been developed. These models include a client side reference monitor (CRM) that continuously enforces protection policies on foreign data. However, it is still unclear how such a CRM can be properly protected in a hostile environment. The user of the data on the client system can influence the client's state and has physical access to the system. Hence technical measures are required to protect the CRM on a system, which is legitimately used by potential attackers. Existing solutions utilize Trusted Platform Modules (TPMs) to solve this problem by establishing an attestable trust anchor on the client. However, the resulting protocols have several drawbacks that make them infeasible for practical use. This work proposes a reference monitor implementation that establishes trust by using TPMs along with Intel SGX enclaves. First we show how SGX enclaves can realize a subset of the existing usage control requirements. Then we add a TPM to establish and protect a powerful enforcement component on the client. Ultimately this allows us to technically enforce usage control policies on an untrusted remote system.
URLhttp://doi.acm.org/10.1145/3205977.3205990
DOI10.1145/3205977.3205990
Citation Keywagner_distributed_2018