Abstract
Security concerns over online transactions are growing for both private and public organizations. ERP systems connected to the Internet are subject to constant attacks from viruses and malicious software. The very reason for this growth is the dependence of a business organization on its ERP systems. On the one hand, ERP systems can improve businesses by employing the latest, state-of-the-art techniques for recording, fetching and manipulating data. On the other hand, this increased dependence has attracted hackers to disrupt an organization's business by attacking its online ERP systems. Measures such as using a secure channel to a client of unknown integrity are ineffective. In order to provide improved security while offering e-Services, it is important to know that the client system has not been tampered with or otherwise compromised. Several security measures have been taken for server and channel security, while client security has remained an underestimated weakness. Moreover, the existing security mechanisms are software-based and can easily be compromised. To address the client side, hardware-based tamper-resistant techniques have been proposed. Existing web access control mechanisms within ERP systems do not allow verifying the integrity of the client before granting access to a protected resource. In this paper we propose an architecture that enforces a policy-based verification of the client platform and can accommodate any remote attestation technique. We present a prototype of our proposed architecture as a proof-of-concept. Our architecture is flexible, scalable and based on open standards.
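The following is an added illustration, not code from the paper or its prototype, of the kind of access-control gate the abstract describes: a server issues a fresh challenge, receives attestation evidence from the client, hands that evidence to a pluggable verifier, and only then evaluates a per-resource integrity policy before releasing the protected resource. The attestation technique here is a keyed MAC over the report (a constructed stand-in for a TPM-style signed quote), the client identifier, shared key, component names and reference hashes are all constructed sample values, and the policy format is an assumption chosen for this example.

```python
import hashlib
import hmac
import json
import os
from dataclasses import dataclass


def canonical(report: dict) -> bytes:
    """Serialise a report deterministically so client and server MAC identical bytes."""
    return json.dumps(report, sort_keys=True, separators=(",", ":")).encode()


class HmacQuoteVerifier:
    """One pluggable attestation technique. A keyed MAC stands in for a hardware-signed
    quote (constructed simplification, not the paper's mechanism). Any object with the
    same verify() signature can replace it in the gateway below."""

    def __init__(self, client_keys: dict):
        self.client_keys = client_keys  # client_id -> shared secret (assumed pre-provisioned)

    def verify(self, client_id: str, report: dict, mac: str):
        key = self.client_keys.get(client_id)
        if key is None:
            return None
        expected = hmac.new(key, canonical(report), hashlib.sha256).hexdigest()
        # Constant-time comparison; returns the authenticated report or None.
        return report if hmac.compare_digest(expected, mac) else None


@dataclass
class Decision:
    allowed: bool
    reason: str


class IntegrityGateway:
    """Policy-based gate in front of protected resources; the verifier is injected."""

    def __init__(self, verifier, policy: dict):
        self.verifier = verifier
        self.policy = policy   # resource -> {component: reference_hash}
        self.pending = {}      # client_id -> nonce issued but not yet consumed

    def challenge(self, client_id: str) -> str:
        nonce = os.urandom(16).hex()
        self.pending[client_id] = nonce
        return nonce

    def request(self, client_id: str, resource: str, report: dict, mac: str) -> Decision:
        # A nonce is consumed on first use, so the same evidence cannot be replayed.
        nonce = self.pending.pop(client_id, None)
        if nonce is None:
            return Decision(False, "no outstanding challenge for client")
        authenticated = self.verifier.verify(client_id, report, mac)
        if authenticated is None:
            return Decision(False, "attestation evidence failed verification")
        if authenticated.get("nonce") != nonce:
            return Decision(False, "nonce mismatch (stale or replayed evidence)")
        required = self.policy.get(resource)
        if required is None:
            return Decision(False, f"no policy for resource {resource}; default deny")
        measured = authenticated.get("measurements", {})
        for component, reference in required.items():
            actual = measured.get(component)
            if actual is None:
                return Decision(False, f"required component '{component}' not measured")
            if not hmac.compare_digest(actual, reference):
                return Decision(False, f"integrity mismatch for component '{component}'")
        return Decision(True, "client platform matches policy")


def client_attest(key: bytes, nonce: str, measurements: dict):
    """Client side: bind the fresh nonce to the measurements and MAC the bundle."""
    report = {"nonce": nonce, "measurements": measurements}
    return report, hmac.new(key, canonical(report), hashlib.sha256).hexdigest()


# Constructed sample values: a workstation id, its provisioned key, and reference hashes.
CLIENT_KEY = b"constructed-demo-key-not-real"
GOOD_KERNEL = hashlib.sha256(b"kernel-image-v1").hexdigest()
GOOD_ERP_CLIENT = hashlib.sha256(b"erp-client-2.4").hexdigest()
POLICY = {"/erp/ledger": {"kernel": GOOD_KERNEL, "erp_client": GOOD_ERP_CLIENT}}


def demo() -> dict:
    """Run four scenarios through the gateway and return the decisions by name."""
    gw = IntegrityGateway(HmacQuoteVerifier({"ws-42": CLIENT_KEY}), POLICY)
    results = {}
    n = gw.challenge("ws-42")  # 1. healthy client, fresh challenge
    rep, mac = client_attest(CLIENT_KEY, n, {"kernel": GOOD_KERNEL, "erp_client": GOOD_ERP_CLIENT})
    results["healthy"] = gw.request("ws-42", "/erp/ledger", rep, mac)
    results["replay"] = gw.request("ws-42", "/erp/ledger", rep, mac)  # 2. same evidence again
    n = gw.challenge("ws-42")  # 3. honestly reported but modified client software
    bad = hashlib.sha256(b"erp-client-2.4-modified").hexdigest()
    rep, mac = client_attest(CLIENT_KEY, n, {"kernel": GOOD_KERNEL, "erp_client": bad})
    results["tampered"] = gw.request("ws-42", "/erp/ledger", rep, mac)
    n = gw.challenge("ws-42")  # 4. measurements edited after the evidence was signed
    rep, mac = client_attest(CLIENT_KEY, n, {"kernel": GOOD_KERNEL, "erp_client": bad})
    rep["measurements"]["erp_client"] = GOOD_ERP_CLIENT
    results["forged"] = gw.request("ws-42", "/erp/ledger", rep, mac)
    return results


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:9s} allowed={decision.allowed}  {decision.reason}")
```

The separation matters for the flexibility the abstract claims: the gateway never inspects the evidence format itself, so swapping in a verifier for a different attestation technique changes one constructor argument, while the policy (which components must match which reference values for which resource) and the freshness and default-deny checks stay in the gateway.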