Bear: An Open-Source Virtual Secure Coprocessor based on TCPA

This paper reports on our ongoing project to use TCPA to transform a desktop Linux machine into a virtual secure coprocessor: more powerful but less secure than higher-end devices. We use TCPA hardware and modified boot loaders to protect fairly static components, such as a trusted kerne l; we use an enforcer module—configured as Linux Security Module—to protected more dynamic system components; we use an encrypted loopback filesystem to protect highly dynamic components. All our code is open source and available under GPL fromhttp://enforcer.sourceforge.net/.

[1]  Tal Garfinkel,et al.  Flexible OS Support and Applications for Trusted Computing , 2003, HotOS.

[2]  Sean W. Smith,et al.  WebALPS: a survey of E-commerce privacy and security applications , 2001, SECO.

[3]  Leendert van Doorn,et al.  Take control of TCPA , 2003 .

[4]  Barbara Gengler Reports: Trusted Computing Platform Alliance , 2001 .

[5]  Sean W. Smith,et al.  Building a high-performance, programmable secure coprocessor , 1999, Comput. Networks.

[6]  Sean W. Smith,et al.  Building the IBM 4758 Secure Coprocessor , 2001, Computer.

[7]  Sean W. Smith,et al.  Trusted paths for browsers , 2002, TSEC.

[8]  Sean W. Smith,et al.  Secure coprocessing applications and research issues , 1996 .

[9]  Sean W. Smith,et al.  Privacy-enhanced credential services , 2003 .

[10]  Siani Pearson,et al.  Trusted Computing Platforms: TCPA Technology in Context , 2002 .

[11]  Sean W. Smith,et al.  Securing Web servers against insider attack , 2001, Seventeenth Annual Computer Security Applications Conference.

[12]  I. G. BONNER CLAPPISON Editor , 1960, The Electric Power Engineering Handbook - Five Volume Set.

[13]  Bennet S. Yee,et al.  Secure Coprocessors in Electronic Commerce Applications , 1995, USENIX Workshop on Electronic Commerce.

[14]  Bennet S. Yee,et al.  Using Secure Coprocessors , 1994 .

[15]  Lance J. Hoffman,et al.  BITS: a smartcard protected operating system , 1994, CACM.

[16]  David R. Safford The Need for TCPA , 2002 .

[17]  David R. Safford Clarifying Misinformation on TCPA , 2002 .

[18]  Paul England,et al.  Authenticated Operation of Open Computing Devices , 2002, ACISP.

[19]  William A. Arbaugh,et al.  A secure and reliable bootstrap architecture , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[20]  Bennet S. Yee,et al.  Dyad : a system for using physically secure coprocessors , 1991 .

[21]  Sean W. Smith,et al.  Trusted S/MIME Gateways , 2003 .