Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Ontology for Mapping Platform Configuration in Security Properties

Summary

E-commerce transactions use client server applications that involve a service requestor and one or more service providers. To obtain assurance that the transaction is secure, the following security operations must be performed: (1) Determination of endpoint (especially service provider) identity (2) Establishment of secure channels to protect the communication between the end point processes and (3) Verification of the integrity of the application and the platform providing the services. While standardized protocols such as SSL (supported by PKI certificates) and IPSec exist for security operations (1) and (2), there are no established processes for defining and verifying the integrity of remote systems and processes that participate in a given service scenario/context. Verifying the integrity of the remote platforms/applications to ensure that they have not been tampered with and can be trusted to protect sensitive information is practically hard due to the following technical bottlenecks: (1) the service requestor or verifier (on any application acting on its behalf) must know the trusted or secure configurations for all platforms/applications which is not feasible (2) there is no guarantee that the presence of secure configuration in a given remote platform/application will translate to satisfaction of security properties required for the given transaction and (3) platform configuration data are at too fine a level of granularity to be handled by most transaction monitors (the software module in charge of managing the transaction).

Description

The output of this project will improve the trust in the most vulnerable (weakest) element participating in a trusted cyber transaction. Additionally, the extensible ontology will enable establishment of assurance measures for new types of online transactions as they emerge.

Created December 22, 2009, Updated March 23, 2018