Privacy Enhanced Trusted Network Connect

Authors: Josef von Helden, Ingo Bente, Joerg Vieweg
Year of publication: 2010
Subject:
Source: Trusted Systems ISBN: 9783642145964
INTRUST
DOI: 10.1007/978-3-642-14597-1_8
Description: Network Access Control (NAC) approaches like the Trusted Computing Group's (TCG) Trusted Network Connect (TNC) enable the verification of the integrity of computing systems (also referred to as NAC assessment) both in an interoperable and fine-grained manner. Currently, the decision regarding which integrity aspects of a computing system must be verified in order to gain network access is solely made by the network operator who establishes appropriate policies. Thus the network is potentially able to read arbitrary data on the endpoint during NAC assessment. A generic mechanism allowing the user of an endpoint to control which integrity aspects of his computing system are permitted to be measured and verified by a NAC solution does not exist. We propose a solution to the problem described above: Client-side Policies. In this paper, we describe the concept of Client-side Policies and define an extension to the TNC framework that allows them to be enforced. Furthermore, we present an implementation that demonstrates the threats that arise in conjunction with NAC assessments. We show how these threats can be mitigated by implementing our Client-side Policy approach.
Database: OpenAIRE