attestation Resources on ZDNet

ZDNet Resources

An Approach to a Trustworthy System Architecture Using Virtualization: This paper presents a system architecture for trusted transactions in highly sensitive environments. This architecture takes advantage of techniques provided by the Trusted Computing Group (TCG) to attest the system state of the communication partners, to guarantee that the system is free of malware and that its software has not...; Tags: Attestation, Springer Science+Business Media, Trusted Platform Module, Virtualization, Storage Management, Utility Computing, Hardware, Storage; White papers 2007-08-11
Distributed Software-Based attestation for Node Compromise Detection in Sensor Networks: Sensors that operate in an unattended, harsh or hostile environment are vulnerable to compromises because their low costs preclude the use of expensive tamper-resistant hardware. Thus, an adversary may reprogram them with malicious code to launch various insider attacks. Based on verifying the genuineness of the running program, the paper...; Tags: Software, Pennsylvania State University, Network, Sensor, Attestation; White papers 2007-07-19
Layering Negotiations for Flexible attestation: This paper proposes a layering negotiation approach. It divides an attestation process into a global attestation phase that verifies that a Trusted Virtual Domains (TVD) is fundamentally secure and supporting essential trusted primitives and a local attestation phase that verifies the integrity of a specific component involved in a usage...; Tags: Attestation, Negotiation, Free Trade, Finance; White papers 2006-11-03
A Robust Integrity Reporting Protocol for Remote attestation: Trusted Computing Platforms provide the functionality of remote attestation, i.e. attesting the configuration and status of a system to a remote entity. Remote attestation hereby proves integrity and authenticity of system environments. This is crucial for policy enforcement, which in turn is needed in many usage scenarios, e.g., DRM. However,...; Tags: Attestation, Attack, Security; White papers 2006-10-31
attestation of Identity Information: This Oracle white paper discusses the fundamental premise of attestation and the role of identity management in achieving cost-effective, sustainable compliance. Attestation is the requirement that management periodically certifies that only appropriate individuals have accessed sensitive information. While the cost of complying with the provisions of regulations like Sarbanes Oxley...; Tags: Oracle Corp., Attestation, Authentication/Encryption, Regulatory Compliance, Security, Human Resources, Policies And Procedures; White papers 2006-05-01

Additional Resources

Will Sarbox change ding IT vendors?: The Securities and Exchange Commission tweaked its Sarbanes-Oxley requirements and that could be bad news for the technology companies, consultants and accountants on the Sarbox gravy train. The SEC said Wednesday that it was making changes to the Sarbanes-Oxley Act, known in some quarters as the accountant and consultant employment...; Tags: General, IT Management, Software Infrastructure; Blog posts 2007-05-24
WS-attestation: Enabling Trusted Computing on Web Services: This paper proposes WS-Attestation, an attestation architecture based upon a Web Services framework. The increasing prevalence of security breaches caused by malicious software shows that the conventional identity based trust model is insufficient as a protection mechanism. It is unfortunately common for a computing platform in the care of a...; Tags: Web, Trusted Computing, Web Service, WS-Attestation, Web Services, Channel Management, Enterprise Software, Software, Marketing; White papers 2006-10-31
Oct 3 (tomorrow): DRM lovers' day of reckoning?: Oct 3 (tomorrow): DRM lovers' day of reckoning?Simple oneWebsite designers can (thanks to MS) detect whether clients connecting to them support some of the greasier DRMfoolishness such as remote attestation.Those infected get redirected to a "security fault detected" page with removal/repair instructions.It ain't free to make - it ain't free...; Tags: Digital rights management (DRM), Digital media, digital-rights management, DefectiveByDesign.org; Discussion threads 2006-10-02
Flexible Integrity Protection and Verification Architecture for Virtual Machine Monitors: Lack of security of virtual machines and lack of trust into correct execution of virtualization engines is a major concern that is limiting the broad adoption of virtual machine technology. This paper looks at ways of improving Virtual Machine (VM) security, specifically in the context of integrity of VMs, by...; Tags: Virtual Machine; White papers 2006-08-21
On Similarities Between SOA-Based Web Service and Smart Card Application for Ease of Understanding and Securing the Former: This paper is to leverage familiarity with smart card application, i.e. understanding and practical experiences of implementing trustworthy smart card application, to uncover secret veil surrounding the SOA-Based Web Services, and further develop and implement effective strategies for achieving trustworthy Web Services. Aspects being compared, of smart card application and...; Tags: Web, Smart Card, Web Service, SOA, Smart Card Application, Smart Cards, Service-Oriented Architecture (SOA), Authentication/Encryption, Digital Security, Web Services, Enterprise Software, Software, Security; White papers 2006-04-25
Normative issues in the Cocoon strategy: Normative issues in the Cocoon strategyCentralization is not all rosyPlacing ALL of your documents in one "basket" means a major single-point-of-failure. If your network/server infrastructure is anything but rock-solid, don't do it.Not to mention SOx and the "separation of roles" issues! Any server with sensitive docs would need all sorts...; Tags: Groupware, Microsoft Office, centralization, strategy, Cocoon; Discussion threads 2006-04-21
Hasta la Vista Secure TPM: I spent some time last week reviewing the TPM-1.2 (Trusted Platform Module) implementation for Microsoft Vista because what Microsoft promised for Longhorn back in 2001 and 2002 seemed applicable to a current problem. As it turns out Vista doesn't deliver on any of that - in fact, the more I...; Tags: TPM; Blog posts 2006-03-28
MPAA demonstrating analog hole at CES: By way of Jim Hock & Co. over at 463 Communications, the Motion Picture Association of America is apparently demonstrating the awfulness of the proverbial analog hole that recently proposed legislation is looking to cork: ...And when Hollywood studios are concerned, presto, legislation appears. House Judiciary...; Tags: video; Blog posts 2006-01-05
Something for Congress to stick in its analog hole and smoke: Something for Congress to stick in its analog hole and smokeInteresting you mentioned thatMy future livingroom has but 3 electronic devices.1. A box - a set-top/cable-style "box" that is no more than a web browser that uses WiMAX to stream video/audio.2. The "big screen" - Not a television per se...; Tags: U.S. Congress, video capture, speaker, analog hole; Discussion threads 2006-01-04
'Bot' for Sony CD software spotted online: 'Bot' for Sony CD software spotted onlineSony's EULA is worse than their DRMHas anyone read the EULA Sony includes with their cd's?http://www.eff.org/deeplinks/archives/004145.phpIf your house gets burgled, you have to delete all your music from your laptop when you get home. That's because the EULA says that your rights to any...; Tags: Digital rights management (DRM), PRODUCTIVITY, Digital media, bot, Sony EULA, software, EULA, digital-rights management, Sony Corp., music, computer, CD, operating system, Microsoft Corp.; Discussion threads 2005-11-10
IT employees--handle with care: IT employees--handle with careReal Problem?I really don't think the true problems were addressed in this article. Several people I know in the industry were let go because they were getting paid what they were worth. So they were either replaced by someone who knew 1/10th of their knowledge...; Tags: Strategy, .NET, Benefits, Recruitment & Selection, Workforce management, information technology, perk, salary; Discussion threads 2005-11-02
Relief from Sarbanes-Oxley on the way?: Relief from Sarbanes-Oxley on the way?Whats the problem?SOX for dummies:301, Independant auditors have to be independant.302, CFO & CEO have to state the accounts are not bogus.303, Company execs not allowed to coerce or bully independant auditors.304, If officers get a bonus based on false accounts they have to pay...; Tags: Sarbanes-Oxley, Regulatory compliance, Regulations, Financial accounting, Sarbanes-Oxley Act, issuer; Discussion threads 2005-06-09
Tech's big complaint of 2005: Tech's big complaint of 2005Careless mispellings" The reason: The law is making them miserable."Damn it zdnet, thats not how you spell 'liable'.Stop complainingHow to hide truth and poor accountability is why SOX-SEC filling regulation are a headache.For one thing, ...SOX was probably helped by some CEOs, especially those that stood...; Tags: Sarbanes-Oxley, Regulatory compliance, Regulations, SOX audit, Sarbanes-Oxley Act; Discussion threads 2005-04-29
Sarbanes-Oxley delays Cray's annual report: Sarbanes-Oxley delays Cray's annual reportSOX will do absolutely nothingto prevent the fraud which spawned the laws enactment. When upper management is involved in fraud, no law in the world will prevent it. The changes which the law brought about would only help prevent things like embezzlement by those...; Tags: Sarbanes-Oxley, Regulatory compliance, Regulations, Sarbanes-Oxley Act, Cray Inc., SOx; Discussion threads 2005-03-16
SAP to pull on Virsa's SOX pack: SAP to pull on Virsa's SOX packUh, not reallySOx compliance if for the end-user (corporation). On other words, HP uses SAP for ERP. HP is the one that needs to get SOx attestation - not SAP. The SAP company is german, so I wonder if they need to get SOx...; Tags: Sarbanes-Oxley, Regulatory compliance, Regulations, SAP AG, Virsa, SOx, Sarbanes-Oxley Act; Discussion threads 2005-03-15