Remote attestation approach by cross-layer security policy translation

Abstract

The security policy can exactly reflect the security expectations of system models. Besides, it is also an important method of remote attestation of computing environment, which is based on model behaviours. Existing policy measurement approaches focus on single model. However, practical policies usually include various kinds of model properties so that existing methods cannot meet the demands of combined policy measurement and unified expectations of multiple collaborative mechanisms and dynamic control systems. This paper proposes a novel remote attestation approach based on cross-layer security policy translation, CPMA, which is used to verify security expectations and combined policy measurements of multiple model systems. CPMA presents security exception expressions and the descriptions of the high-layer policy and the low-layer policy. It also designs the translation algorithm and verification algorithm with low overhead to achieve the trusted measurement of multiple mechanism policies. Extensive evaluations show that CPMA can measure and verify system actions accurately and effectively.