Threat-adaptive architectures for trusted platform modules in secure computing systems

A hardware component entrusted with a system's security is referred to as a trusted platform module (TPM), and such modules are available for various processor architectures. The two processor architectures that account for most general-purpose computing systems are based on ARM and x86 processors. ARM processors have a TPM referred to as the TrustZone architecture. The security directives of x86 systems are dictated by the Trusted Computing Group (TCG), which defines the features of the TPM coprocessor. In this paper, we compare these two approaches to TPM architecture. An effective TPM needs to be adaptive as threats evolve. Threats can arise from firmware bugs in the TPM or from decay in the complexity of its ciphering algorithms. Therefore, we propose an adaptive TPM architecture that counters evolving threats by using an FPGA block to alter and patch the firmware and to change the ciphering system. This, together with a one-to-one association of an explicit security policy with each threat, is shown to be a powerful countermeasure against evolving threats.
