• DocumentCode
    2899295
  • Title
    A Trusted Integrity Measurement Architecture for Securing Enterprise Network
  • Author
    Liu, Tong ; Agrawal, Prathima
  • Author_Institution
    Dept. of Electr. & Comput. Eng., Auburn Univ., Auburn, AL, USA
  • fYear
    2011
  • fDate
    16-18 Nov. 2011
  • Firstpage
    726
  • Lastpage
    731
  • Abstract
    The threat landscape continues to evolve, with increasingly complex attacks directed at the corporate network to achieve malicious goals. Enterprise networks build their first line of defense with firewalls and virtual private network (VPN) gateways. However, this kind of defense can be easily circumvented: an attacker may have compromised a client process and gained the privileges of the client computer. Even where corporate-wide access control is in place, the access control approach is currently insufficient to stop these malicious processes. To better defend the enterprise network, this paper proposes a novel system that enables the corporate network to verify client integrity properties based on our trusted measurement architecture. When a critical system configuration is changed, the trusted platform module (TPM) attestation mechanism is invoked to report the trusted measurement values to the security agent. If the verification fails, the client is excluded from the network and a notification is sent to a super security agent. The system performance is also illustrated in this paper.
  • Keywords
    authorisation; business communication; computer network security; data integrity; intranets; trusted computing; virtual private networks; client computer; client integrity property; client process; complex attack; corporate network; corporate-wide access control; critical system configuration; enterprise network security; firewalls; malicious process; security agent; threat landscape; trusted integrity measurement architecture; trusted measurement architecture; trusted measurement value; trusted platform module attestation mechanism; virtual private network gateway; Computers; Kernel; Linux; Security; Servers; Software measurement; integrity; security agent; trusted platform module;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Trust, Security and Privacy in Computing and Communications (TrustCom), 2011 IEEE 10th International Conference on
  • Conference_Location
    Changsha
  • Print_ISBN
    978-1-4577-2135-9
  • Type
    conf
  • DOI
    10.1109/TrustCom.2011.94
  • Filename
    6120887