Motivation
Many applications nowadays run on open computer platforms across heterogeneous domains or over the public Internet. The openness of the platforms and the open infrastructure of the Internet provide the flexibility needed for the widespread adoption of numerous innovative applications. However, the entities involved in such distributed and open environments normally have different interests and motivations, and may not trust each other for critical operations or transactions. It is therefore important to study the means for establishing and managing trust among individual platforms, from the perspectives of the different entities involved. To illustrate this point further, consider the following two applications.
A corporate intranet is required to be accessible to its employees outside its premises, e.g., an employee on travel. This presents a threat to the corporation’s information facility, because there is no assurance of the integrity of the client systems used by those employees. Though the users are trusted, the remote systems could be malicious: they may download confidential corporate information, modify sensitive data, or even infect other nodes in the intranet. Existing security measures based on authentication, firewalls and access control are insufficient to defeat these attacks. It is desirable for the corporation to be able to evaluate the trustworthiness of the remote systems before admitting them into the intranet.
Another typical application requiring trust management is distributed computing, which consists of a job supervisor and multiple participants. The supervisor splits a large computation job into tasks and assigns them to the participants. Each participant accomplishes its assigned task by performing certain computations and returns the results to the supervisor. There has been a surge of interest in using this computing paradigm to solve computation-intensive problems, e.g., the well-known SETI@Home project (Korpela, Werthimer, Anderson, Cobb, & Lebofsky, 2001; SETI@Home, 2007), the Great Internet Mersenne Prime Search (GIMPS, 2007), and the Folding@Home project (Folding@home, 2007). The most vital requirement of such applications is that the results returned by the participants be trustworthy, in the sense that the participants’ computing processes have not been tampered with.
Similar issues also exist in other distributed applications, such as distributed firewalls (Ioannidis, Keromytis, Bellovin, & Smith, 2000), digital rights management (DRM), P2P applications, ad hoc trust routing, Web services and Grid Computing. The transactions among participants in these applications can be securely executed only when the participants are trustworthy. For example, DRM-protected content is transferred only to devices that are able to prove their trustworthiness.
Trust management usually begins with trust evaluation, followed by policy enforcement. A reliable trust evaluation is therefore the premise of the entire trust management framework. A prerequisite for evaluating a platform’s trustworthiness is knowledge of its trust-related attributes, such as its system configuration and software, its access policies and its dynamic behavior. Remote attestation serves exactly this purpose.