Satem: Trusted service code execution across transactions

Xu Gang, Cristian Borcea, Liviu Iftode

Research output: Chapter in Book/Report/Conference proceedingConference contribution

10 Scopus citations

Abstract

Web services and service oriented architectures are becoming the de facto standard for Internet computing. A main problem faced by users of such services is how to ensure that the service code is trusted. While methods that guarantee trusted service code execution before starting a client-service transaction exist, there is no solution for extending this assurance to the entire lifetime of the transaction. This paper presents Satem, a Service-aware trusted execution monitor that guarantees the trustworthiness of the service code across a whole transaction. The Satem architecture consists of an execution monitor residing in the operating system kernel on the service provider platform, a trust evaluator on the client platform, and a service commitment protocol. During this protocol, executed before every transaction, the client requests and verifi es against its local policy a commitment from the service platform that promises trusted code execution. Subsequently, the monitor enforces this commitment for the duration of the transaction. To initialize the trust on the monitor, we use the Trusted Platform Module specifi ed by the Trusted Computing Group. We implemented Satem under the Linux 2.6.12 kernel and tested it for a web service and DNS. The experimental results demonstrate that Satem does not incur signifi cant overhead to the protected services and does not impact the unprotected services.

Original languageEnglish (US)
Title of host publicationProceedings - 25th IEEE Symposium on Reliable Distributed Systems, SRDS 2006
Pages321-334
Number of pages14
DOIs
StatePublished - 2006
Event25th IEEE Symposium on Reliable Distributed Systems, SRDS 2006 - Leeds, United Kingdom
Duration: Oct 2 2006Oct 4 2006

Publication series

NameProceedings of the IEEE Symposium on Reliable Distributed Systems
ISSN (Print)1060-9857

Other

Other25th IEEE Symposium on Reliable Distributed Systems, SRDS 2006
Country/TerritoryUnited Kingdom
CityLeeds
Period10/2/0610/4/06

All Science Journal Classification (ASJC) codes

  • Software
  • Theoretical Computer Science
  • Hardware and Architecture
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Satem: Trusted service code execution across transactions'. Together they form a unique fingerprint.

Cite this