Trusted Computing - Special Aspects and Challenges

The advent of e-commerce and e-government and the rapid expansion of world-wide connectivity demand end-user systems that adhere to well-defined security policies. In this context, Trusted Computing (TC) aims at providing a framework and effective mechanisms that allow computing platforms and processes in a distributed IT system to gain assurance about each other's integrity and trustworthiness. An industrial attempt towards the realization of TC is the initiative of the Trusted Computing Group (TCG), an alliance of a large number of IT enterprises. The TCG has published a set of specifications for extending conventional computer architectures with a variety of security-related features and cryptographic mechanisms. The TCG approach has been the subject not only of research but also of public debates and concerns. Currently, several prominent academic and industrial research projects are investigating trustworthy IT systems based on TC, virtualization technology, and secure operating system design. We highlight special aspects of Trusted Computing and present some current research and challenges. We believe that TC technology is indeed capable of enhancing the security of computer systems, and is another helpful means towards establishing trusted infrastructures. However, we also believe that it is not a universal remedy for all of the security problems we are currently facing in information societies.
