论文信息 - Threat Model of a Scenario Based on Trusted Platform Module 2.0 Specification

Threat Model of a Scenario Based on Trusted Platform Module 2.0 Specification

The Trusted Platform Module (TPM) is a device that can be used to enhance the security of web applications. However, the TPM has to be used in a proper manner in order to benefit from its security properties. A threat model will contribute towards developing a better understanding of how to use the TPM and serve as a reference for future work. In this paper, a web application scenario based on the TPM 2.0 specification is developed and the threat model is constructed using Microsoft’s security development lifecycle threat modelling tool. The threats to each element in the model are analysed and the appropriate mitigations are worked out.

Allan Tomlinson | Jiun Yi Yap

[1] Carsten Rudolph,et al. Security Evaluation of Scenarios Based on the TCG's TPM Specification , 2007, ESORICS.

[2] Bryan Parno,et al. Bootstrapping Trust in a "Trusted" Platform , 2008, HotSec.

[3] Liqun Chen,et al. Offline dictionary attack on TCG TPM weak authorisation data, and solution , 2009 .

[4] Mattia Monga,et al. Replay attack in TCG specification and solution , 2005, 21st Annual Computer Security Applications Conference (ACSAC'05).

[5] Mark Ryan,et al. Attack, Solution and Verification for Shared Authorisation Data in TCG TPM , 2009, Formal Aspects in Security and Trust.