skip to main content
10.1145/1314354.1314371acmconferencesArticle/Chapter ViewAbstractPublication PagesccsConference Proceedingsconference-collections
Article

Uclinux: a linux security module for trusted-computing-based usage controls enforcement

Published: 02 November 2007 Publication History

Abstract

Usage controls allow the distributor of some information to limit how recipients of that information may use it. The Trusted Computing Group has standardized Trusted Platform Modules (TPMs) that are built into an increasing number of computers and could greatly harden usage controls against circumvention. However, existing operating systems support TPMs only partially. We describe UCLinux, a novel Linux Security Module that, unlike previous work, supports TPM-based attestation, sealing, and usage controls on existing processors and with minimal modifications in the operating system kernel and applications. Experiments show that UCLinux has modest impact on the system's boot latency and run-time performance.

References

[1]
B. Balacheff, Liqun Chen, Siani Pearson, David Plaquin, and Graeme Proudler. Trusted Computing Platforms: TCPA Technology In Context. Prentice Hall PTR, July 2002.
[2]
Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauer, Ian Pratt, and Andrew Warfield. Xen and the art of virtualization. In SOSP '03: Proceedings of the nineteenth ACM symposium on Operating systems principles, pages 164¿-177, New York, NY, USA, 2003. ACM Press.
[3]
Chris Wright, Crispin Cowan, Stephen Smalley, James Morris, and Greg Kroah-Hartman. Linux Security Modules: General Security Support for the Linux Kernel. In Proceedings of the 11th USENIX Security Symposium, 5 September 2002.
[4]
Dave Touretzky. Adobe Remedies. {Online}. Available: http://www.cs.cmu.edu/ dst/Adobe/Gallery/, 6 May 2006.
[5]
John Marchesini, Sean W. Smith, Owen Wild, Josh Stabiner, and Alex Barsamian. Open-Source Applications of TCPA Hardware. In Proceedings of 20th Annual Computer Security Applications Conference, December 2004.
[6]
Masoom Alam, Xinwen Zhang, and and Jean-Pierre Seifert. Trusted SECTET: A Model-Driven Framework for Trusted Computing based Systems. In 11th IEEE Enterprise Distributed Object Computing Conference, 2007.
[7]
Microsoft. Next Generation Secure Computing Base. {Online}. Available: http://www.microsoft.com/technet/security/news/ngscb.mspx, July 2003.
[8]
Microsoft. BitLocker Drive Encryption: Executive Overview. {Online} Available: http://technet.microsoft.com/en-us/windowsvista/aa906018.aspx, 5 April 2006.
[9]
NSA. Security-Enhanced Linux. {Online} http://www.nsa.gov/selinux/, 27 August 2007.
[10]
Peter Djalaliev and Jose Brustoloni. Secure Web-Based Retrieval of Documents with Usage Controls. submitted for publication.
[11]
R. Sailer, X. Zhang, T. Jaeger, and L. van Doorn. Design and implementation of a tcg-based integrity measurement architecture. In Proceedings of the 13th Usenix Security Symposium, August 2004.
[12]
S. Blake-Wilson, M. Nystrom, D. Hopwood, J. Mikkelsen, and T. Wright. Rfc3546 - Transport Layer Security (TLS) Extensions. {Online}http://www.ietf.org/rfc/rfc3546.txt, June 2003.
[13]
Stefan Berger, Ramon Caceres, Kenneth Goldman, Ronald Perez, Reiner Sailer, and Leendert van Doorn. vTPM: Virtualizing the Trusted Platform Module. In 15th USENIX Security Symposium, July 2006.
[14]
T. Dierks and C. Allen. RFC 2246: The TLS Protocol: Version 1.0. {Online} http://www.ietf.org/rfc/rfc2246.txt, January 1999.
[15]
Trusted Computing Group. Homepage. {Online} Available: https://www.trustedcomputinggroup.org.
[16]
Trusted Computing Group. Trusted computing platform alliance (TCPA) main specification version 1.1b. {Online} Available from http://www.trustedcomputinggroup.org.
[17]
U.S. Department of Health and Human Services. Office for Civil Rights - HIPAA. {Online} http://www.hhs.gov/ocr/hipaa/, 29 July 2007.
[18]
Xinwen Zhang, Masoom Alam, Jean-Pierre Seifert, Ruth Breu, and Qi Li. Usage Control Platformization via Trustworthy SELinux. Technical report, Samsung Information Systems America, 2007.

Cited By

View all
  • (2023)A Comprehensive Survey on Software as a Service (SaaS) Transformation for the Automotive SystemsIEEE Access10.1109/ACCESS.2023.329425611(73688-73753)Online publication date: 2023
  • (2022)Research on Distributed Dynamic Trusted Access Control Based on Security SubsystemIEEE Transactions on Information Forensics and Security10.1109/TIFS.2022.320642317(3306-3320)Online publication date: 1-Jan-2022
  • (2022)A domain-specific language for the specification of UCON policiesJournal of Information Security and Applications10.1016/j.jisa.2021.10300664:COnline publication date: 1-Feb-2022
  • Show More Cited By

Index Terms

  1. Uclinux: a linux security module for trusted-computing-based usage controls enforcement

        Recommendations

        Comments

        Information & Contributors

        Information

        Published In

        cover image ACM Conferences
        STC '07: Proceedings of the 2007 ACM workshop on Scalable trusted computing
        November 2007
        82 pages
        ISBN:9781595938886
        DOI:10.1145/1314354
        Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

        Sponsors

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Publication History

        Published: 02 November 2007

        Permissions

        Request permissions for this article.

        Check for updates

        Author Tags

        1. LSM
        2. ODRL
        3. TCG
        4. TPM
        5. UCLinux
        6. encrypted file system
        7. linux
        8. linux security module
        9. open digital rights language
        10. trusted computing
        11. trusted computing group
        12. trusted platform module
        13. usage controls

        Qualifiers

        • Article

        Conference

        CCS07
        Sponsor:

        Acceptance Rates

        Overall Acceptance Rate 17 of 31 submissions, 55%

        Upcoming Conference

        CCS '25

        Contributors

        Other Metrics

        Bibliometrics & Citations

        Bibliometrics

        Article Metrics

        • Downloads (Last 12 months)11
        • Downloads (Last 6 weeks)3
        Reflects downloads up to 20 Feb 2025

        Other Metrics

        Citations

        Cited By

        View all
        • (2023)A Comprehensive Survey on Software as a Service (SaaS) Transformation for the Automotive SystemsIEEE Access10.1109/ACCESS.2023.329425611(73688-73753)Online publication date: 2023
        • (2022)Research on Distributed Dynamic Trusted Access Control Based on Security SubsystemIEEE Transactions on Information Forensics and Security10.1109/TIFS.2022.320642317(3306-3320)Online publication date: 1-Jan-2022
        • (2022)A domain-specific language for the specification of UCON policiesJournal of Information Security and Applications10.1016/j.jisa.2021.10300664:COnline publication date: 1-Feb-2022
        • (2021)Comparative Analysis of Different Operating Systems used for Low-End IoT DevicesVFAST Transactions on Software Engineering10.21015/vtse.v8i1.5819:1(30-39)Online publication date: 31-Mar-2021
        • (2018)Data Usage Control for Distributed SystemsACM Transactions on Privacy and Security10.1145/318334221:3(1-32)Online publication date: 16-Apr-2018
        • (2018)Comprehensive survey of the IoT open‐source OSsIET Wireless Sensor Systems10.1049/iet-wss.2018.50338:6(323-339)Online publication date: 30-Oct-2018
        • (2016)Remote attestation approach by cross-layer security policy translationInternational Journal of High Performance Computing and Networking10.1504/ijhpcn.2016.0804089:5-6(357-371)Online publication date: 1-Jan-2016
        • (2016)An Extended Usage Control Model for Relational Databases2016 Sixth International Conference on Instrumentation & Measurement, Computer, Communication and Control (IMCCC)10.1109/IMCCC.2016.233(82-87)Online publication date: Jul-2016
        • (2016)Towards the modelling of secure pervasive computing systemsJournal of Parallel and Distributed Computing10.1016/j.jpdc.2015.09.00887:C(121-144)Online publication date: 1-Jan-2016
        • (2016)TransPro: Mandatory Sensitive Information Protection Based on Virtualization and EncryptionCloud Computing and Security10.1007/978-3-319-48671-0_39(443-455)Online publication date: 1-Nov-2016
        • Show More Cited By

        View Options

        Login options

        View options

        PDF

        View or Download as a PDF file.

        PDF

        eReader

        View online with eReader.

        eReader

        Figures

        Tables

        Media

        Share

        Share

        Share this Publication link

        Share on social media