Satem: Trusted service code execution across transactions

Document Type

Conference Proceeding

Publication Date

12-1-2006

Abstract

Web services and service oriented architectures are becoming the de facto standard for Internet computing. A main problem faced by users of such services is how to ensure that the service code is trusted. While methods that guarantee trusted service code execution before starting a client-service transaction exist, there is no solution for extending this assurance to the entire lifetime of the transaction. This paper presents Satem, a Service-aware trusted execution monitor that guarantees the trustworthiness of the service code across a whole transaction. The Satem architecture consists of an execution monitor residing in the operating system kernel on the service provider platform, a trust evaluator on the client platform, and a service commitment protocol. During this protocol, executed before every transaction, the client requests and verifi es against its local policy a commitment from the service platform that promises trusted code execution. Subsequently, the monitor enforces this commitment for the duration of the transaction. To initialize the trust on the monitor, we use the Trusted Platform Module specifi ed by the Trusted Computing Group. We implemented Satem under the Linux 2.6.12 kernel and tested it for a web service and DNS. The experimental results demonstrate that Satem does not incur signifi cant overhead to the protected services and does not impact the unprotected services. © 2006 IEEE.

Identifier

38949139795 (Scopus)

ISBN

[0769526772, 9780769526775]

Publication Title

Proceedings of the IEEE Symposium on Reliable Distributed Systems

External Full Text Location

https://doi.org/10.1109/SRDS.2006.42

ISSN

10609857

First Page

321

Last Page

334

This document is currently not available here.

Share

COinS