Trusted and only Trusted. That is the Access!: Improving Access Control Allowing only Trusted Execution Environment Applications

Abstract

Security concerns should always be considered when deploying distributed systems that deal with sensitive data. Generally, the software components responsible for storing these sensitive data are protected, having access control systems to allow or deny external requests. A Policy Enforcement Point (PEP) Proxy is one of these systems which allows or denies access to protected data by checking if the requester is authorized and has permission to access. Despite these two validations about the requester (authorization and data access permission), the traditional PEP Proxy does not guarantee anything more about the requester which will process the data. This work proposes an improvement to the PEP Proxy protection in a way that it can also verify if the requester runs on a Trusted Execution Environment (TEE) application. A TEE is responsible for trusted computing, processing data in a protected region of memory, which is tamper-resistant and isolated from external resources, and keeping code and data protected even if the operating system is hacked. The Trusted PEP Proxy (TruPP) performs the remote attestation (RA) process to guarantee that the requester runs on a TEE. We created a Coloured Petri Net (CPN) model to help validate our proposal by checking some security properties.

Cite

Valadares, D. C. G., Sobrinho, Á., Will, N. C., Gorgônio, K. C., & Perkusich, A. (2023). Trusted and only Trusted. That is the Access!: Improving Access Control Allowing only Trusted Execution Environment Applications. In Lecture Notes in Networks and Systems (Vol. 655 LNNS, pp. 490–503). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-28694-0_47
