Implementing an application-specific credential platform using late-launched mobile trusted module

Contemporary trusted execution environments provide a good foundation for implementing secure user credentials, but these credentials are not properly bound to the application instances that use them. This paper introduces a framework for application-specific credentials and provides a prototype implementation using TCG MTM and DRTM technologies. Measurements and a security analysis are presented for the realised architecture.
