Trust management systems and network admission control systems have been developed for securing a node and a network. FIG. 1 shows a conventional trust management and admission control system 100 which transfers security metrics from one node to another. In the conventional system 100, a trustor node 110 may send a behavior metrics request 132 to a trustee node 120 for evaluating the security state of the trustee node 120. In response to the request 132, a metrics component 122 of the trustee node 120 collects behavior metrics 134 and sends the behavior metrics 134 to the trustor node 110. A metrics component 112 of the trustor node 110 then evaluates the security state of the trustee node 120 based on the behavior metrics 134 received from the trustee node 120. The trustor node 110 then sends an evaluation result 136 to the trustee node 120. The behavior metrics may include an indication of whether or not anti-virus software is installed and operational in the trustee node 120, a virus scan result, or the like.
FIG. 2 shows a metrics component 112, (112A or 112B of FIG. 1), used in the conventional system 100 of FIG. 1. The metrics component 112 may include at least one of trustor functionality 210 and trustee functionality 220. FIG. 2 illustrates a metrics component 112 having both trustor and trustee functionalities 210, 220, as an example. Alternatively, only one of the trustor functionality 210 and the trustee functionality 220 may be included in the metrics component 112.
The trustor functionality 210 includes at least one integrity metrics verifier 212 and a metrics evaluator 214. The integrity metrics verifier 212 is a software component that analyzes and verifies the behavior metrics received from the trustee node 120. The metrics evaluator 214 performs evaluation of the behavior metrics based on an evaluation function.
The trustee functionality 220 includes at least one integrity metrics collector 222 and a metrics organizer 224. The integrity metrics collector 222 is a software component that collects behavior metrics of the node. For example, the integrity metrics collector 222 may interface with an anti-virus program to access its scanning results. The metrics organizer 224 batches metrics results before sending them to the trustor node 110.
Currently, available standards and products that allow one node to request behavior metrics from another node include the Trusted Computing Group's (TCG's) Trusted Network Connect (TNC), Microsoft's Network Access Protection Platform Architecture and Cisco's Network Admission Control. These standards and products generally involve a device communicating with a server in order for the device to receive permission from the server to gain (degrees of) access to the network. A related approach to the evaluation of behavior metrics is a remote attestation functionality involving the TCG's Trusted Platform Module (TPM). With remote attestation, measurements that are made concerning the state of firmware and software in a device are sent to another device as entries in a log, along with signed hashes of the log entries to provide integrity.
In the conventional trust management and admission control system 100 of FIG. 1, the security state of one node needs to be established by another node. However, a transfer of the behavior metrics may be a breach of privacy, or the trustee may worry about misuse of the transferred information.