The approach of semantic remote attestation proposes a program or software semantic analysis and requires a Trusted Virtual Machine (TVM) running on a target platform. In order to verify the behavior of a running software, the TVM monitors the security policy attached to the software which is based on different properties of the software. For example, a security policy attached to a Java program might restricts its further inheritance to certain classes only. In their approach, the TVM is binary attested in order to ensure that the security policy attached to a software is indeed enforced. Thus, the approach is TVM dependent. The term behavioral attestation and presented an approach where the behavior of the security policy of a target platform is attested. In their approach, a complete analysis of the entire security policy of a target platform is proposed which is not an efficient solution. For behavioral analysis, the approach uses a very simple example from unix password file that “Alice can do this and Bob cannot”; therefore, the approach has a very limited scope. We note that both of these approaches associate the trusted behavior of a platform with its security policies. Due to an enormous number of different types of security policies, e.g., different operating system policies, web service policies etc, it is also not adequate to associate the trustworthiness of a platform with its security policies and such associations quickly become intractable.

The objectives of this research was not only provide a strong and feasible security backbone to Pakistan but also catch international attention to the high-tech research activities in the institution. Security and involving latest technology as remote attestation and Trusted Computing is not being worked upon nowhere in this country and the institution can prove to be a pioneer of this paradigm.

  1. Behavior of a policy model is attested rather than a software or hardware platform
  2. The attestation feature is not tied to a specific software or hardware platform
  3. Take a model driven approach to consume low-level techniques invented by researchers

We have published two conference papers and one international journal in this project
Details of the publication has been given below


Behavior Attestation for Business Process

Fine-grained, User-Centric Permission Delegation in Multi-Mashup Web Services


Behavioral Attestation for Web Services Based Business Processes

Leave a Reply