Integrity Based Access Control

Security issues in a networked environment include
threats to either end-point and the conduit between
them. Issues related to enterprise servers and
communication channels have been studied at length in
subjects such as cryptography and system security.
Client ends in any networked scenario have received
little attentions in security studies. Hence, clients
have become the target of malicious activities on the
larger networks such as the Internet. Trusted
Computing aims to address client side security
concerns using hardware-based security. Remote
attestation is an essential characteristic of Trusted
Computing, which allows a client system to provide
assurance to a remote platform that its platform is
in a trustworthy state. However, remote attestation,
being a state-of-the-art technology, is difficult to
realize. In this book, we present a practical case
study in the form of a trusted web browser and a
trust-aware web server. We provide hands-on
information about setting up the client and server
environments, and modifications to an open source web
server and browser with the aim of letting the
average developer gain expertise in using remote
attestation in a practical scenario.

Autorentext
Tamleek Ali and Mohammad Nauman are members of Security
Engineering Research Group (SERG) led by Masoom Alam. SERG
specializes in security aspects including Trusted Computing,
remote attestation and access and usage control. SERG maintains
its website at http://serg.imsciences.edu.pk.

Klappentext
Security issues in a networked environment include threats to either end-point and the conduit between them. Issues related to enterprise servers and communication channels have been studied at length in subjects such as cryptography and system security. Client ends in any networked scenario have received little attentions in security studies. Hence, clients have become the target of malicious activities on the larger networks such as the Internet. Trusted Computing aims to address client side security concerns using hardware-based security. Remote attestation is an essential characteristic of Trusted Computing, which allows a client system to provide assurance to a remote platform that its platform is in a trustworthy state. However, remote attestation, being a state-of-the-art technology, is difficult to realize. In this book, we present a practical case study in the form of a trusted web browser and a trust-aware web server. We provide hands-on information about setting up the client and server environments, and modifications to an open source web server and browser with the aim of letting the average developer gain expertise in using remote attestation in a practical scenario.