论文信息 - Turtles all the way down: research challenges in user-based attestation

Turtles all the way down: research challenges in user-based attestation

Current trusted computing technologies allow computing devices to verify each other using attestation, but in a networked world, there is no reason to trust one computing device any more than another. Treating these devices as turtles, the user who seeks a trustworthy system from which to verify others quickly realizes that it's "turtles all the way down" because of the endless loop of trust dependencies. We need to provide the user with one initial turtle (the iTurtle) which is axiomatically trustworthy, thereby breaking the dependency loop. Further, the size of the software trusted computing base on today's computing devices is overwhelming. We argue that a mechanism for reducing the size is essential for extracting meaning from attestations and enabling an iTurtle to do its job. This talk will present some of the research challenges involved in designing and using an iTurtle, and in architecting systems to provide meaningful attestations to an iTurtle.

[1] Trent Jaeger,et al. Design and Implementation of a TCG-based Integrity Measurement Architecture , 2004, USENIX Security Symposium.

[2] Carsten Rudolph,et al. Covert Identity Information in Direct Anonymous Attestation (DAA) , 2007, SEC.

[3] William A. Arbaugh,et al. A secure and reliable bootstrap architecture , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[4] Ahmad-Reza Sadeghi,et al. TCG inside?: a note on TPM specification compliance , 2006, STC '06.

[5] Ahmad-Reza Sadeghi,et al. Property-based attestation for computing platforms: caring about properties, not mechanisms , 2004, NSPW '04.

[6] Sean W. Smith,et al. Building the IBM 4758 Secure Coprocessor , 2001, Computer.

[7] Ronald Perez,et al. Linking remote attestation to secure tunnel endpoints , 2006, STC '06.

[8] Siani Pearson,et al. Trusted Computing Platforms: TCPA Technology in Context , 2002 .

[9] Patrick Röder,et al. A Robust Integrity Reporting Protocol for Remote Attestation , 2006 .

[10] Ernest F. Brickell,et al. Direct anonymous attestation , 2004, CCS '04.