Abstract
Trusted computing (TC) is a set of design techniques and operation principles to create a computing environment that the user can trust to behave as expected. This is important in general and vital for security applications. Among the various proposals to create a TC environment, the Trusted Computing Group (TCG) architecture is of specific interest nowadays because its hardware foundation – the trusted platform module (TPM) – is readily available in commodity computers and it provides several interesting features: attestation, sealing, and trusted signature. Attestation refers to integrity measures computed at boot time that can later be used to prove system integrity to a third party across a network. Sealing protects some data (typically application-level cryptographic keys or configurations) in hardware so that it can be accessed only when the system is in a specific state (i.e., a specific set of software modules is running, from drivers up to applications). Trusted signature is performed directly by the hardware and is permitted only when the system is in a specific state. TC does not provide perfect protection against all possible attacks: it has been designed to counter software attacks and some hardware ones. Nonetheless, it is an interesting tool for building secure systems, with special emphasis on the integrity of the operations.
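The following is an added example, not code from the chapter or from the TCG specifications, that simulates the two mechanisms the abstract describes: boot-time integrity measurement into platform configuration registers (PCRs) and sealing data to a PCR state. It assumes the TPM 1.2 extend rule (PCR[i] = SHA-1(PCR[i] || SHA-1(data)), 24 registers initialised to zero). The `SimTPM` class, the constructed boot chain and the HMAC that stands in for the RSA quote signature and for the seal's hardware-bound encryption are all simplifications introduced here; a real TPM signs quotes with an attestation identity key and never exposes its storage root key.

```python
import hashlib
import hmac
import os

# Constructed sample boot chain: (PCR index, stage, bytes standing in for the image).
BOOT_CHAIN = [
    (0, "bios", b"bios-image-v1"),
    (4, "bootloader", b"bootloader-v1"),
    (8, "kernel", b"kernel-v1"),
    (9, "initrd", b"initrd-v1"),
]
# Same chain with a modified kernel: one changed image changes PCR 8 forever.
TAMPERED_CHAIN = [(i, n, b"patched-" + img if n == "kernel" else img)
                  for i, n, img in BOOT_CHAIN]
ZERO_PCR = b"\x00" * 20


def _keystream_xor(key, data):
    """HMAC-based stream cipher; stands in for the TPM's seal encryption (hypothetical)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, off.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)


class SimTPM:
    """Toy TPM 1.2 model: PCR extend, quote and seal/unseal. Not a real TPM API."""

    def __init__(self):
        self.srk = os.urandom(32)   # stands in for the Storage Root Key, never leaves the TPM
        self.aik = os.urandom(32)   # stands in for an Attestation Identity Key
        self.reboot()

    def reboot(self):
        # Power cycle: PCRs reset to zero, long-term keys survive.
        self.pcrs = [ZERO_PCR] * 24

    def extend(self, index, data):
        # TPM 1.2 rule: PCR[i] <- SHA-1(PCR[i] || SHA-1(data)); no command can set a PCR directly.
        self.pcrs[index] = hashlib.sha1(self.pcrs[index] + hashlib.sha1(data).digest()).digest()
        return self.pcrs[index]

    def composite(self, indices):
        return hashlib.sha1(b"".join(self.pcrs[i] for i in sorted(indices))).digest()

    def quote(self, indices, nonce):
        # Attestation: report the selected PCRs bound to a verifier nonce (HMAC stands in for RSA).
        comp = self.composite(indices)
        return comp, hmac.new(self.aik, comp + nonce, hashlib.sha256).digest()

    def _seal_key(self, comp):
        return hmac.new(self.srk, b"seal|" + comp, hashlib.sha256).digest()

    def seal(self, indices, secret):
        # The key depends on the PCR values at seal time, so only the same state can unseal.
        key = self._seal_key(self.composite(indices))
        ct = _keystream_xor(key, secret)
        return {"pcr_indices": sorted(indices), "ciphertext": ct,
                "tag": hmac.new(key, ct, hashlib.sha256).digest()}

    def unseal(self, blob):
        key = self._seal_key(self.composite(blob["pcr_indices"]))
        expected = hmac.new(key, blob["ciphertext"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, blob["tag"]):
            raise PermissionError("current PCR state differs from the sealing state")
        return _keystream_xor(key, blob["ciphertext"])


def measured_boot(tpm, chain):
    """Each stage measures the next one into a PCR before handing over control."""
    return [(idx, name, tpm.extend(idx, image).hex()) for idx, name, image in chain]


def expected_pcrs(chain):
    """Verifier side: replay a golden measurement log without any TPM."""
    pcrs = {}
    for idx, _, image in chain:
        pcrs[idx] = hashlib.sha1(pcrs.get(idx, ZERO_PCR) + hashlib.sha1(image).digest()).digest()
    return pcrs


def verify_quote(aik, golden_chain, indices, nonce, quote):
    comp, sig = quote
    golden = expected_pcrs(golden_chain)
    want = hashlib.sha1(b"".join(golden.get(i, ZERO_PCR) for i in sorted(indices))).digest()
    sig_ok = hmac.compare_digest(hmac.new(aik, comp + nonce, hashlib.sha256).digest(), sig)
    return sig_ok and comp == want


def demo():
    idx = [0, 4, 8, 9]
    tpm = SimTPM()
    measured_boot(tpm, BOOT_CHAIN)
    blob = tpm.seal(idx, b"disk-encryption-key")
    nonce = os.urandom(16)
    good_quote = verify_quote(tpm.aik, BOOT_CHAIN, idx, nonce, tpm.quote(idx, nonce))
    good_unseal = tpm.unseal(blob) == b"disk-encryption-key"
    tpm.reboot()                      # same hardware, now booting a modified kernel
    measured_boot(tpm, TAMPERED_CHAIN)
    try:
        tpm.unseal(blob)
        bad_unseal = True
    except PermissionError:
        bad_unseal = False
    bad_quote = verify_quote(tpm.aik, BOOT_CHAIN, idx, nonce, tpm.quote(idx, nonce))
    return {"good_quote": good_quote, "good_unseal": good_unseal,
            "tampered_quote": bad_quote, "tampered_unseal": bad_unseal}


if __name__ == "__main__":
    print(demo())
```

The verifier never trusts the platform's own claim about its software: it replays a golden log with `expected_pcrs` and compares the result with the quoted composite, which is why a changed kernel image is caught even though PCR 8 is still a well-formed SHA-1 value. The same property makes the sealed key unrecoverable on the tampered boot: the unseal key is derived from the live PCRs, not from anything the software supplies.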
References
U.S. Department of Defense: Trusted Computer Systems Evaluation Criteria (Orange Book) (National Computer Security Center, Fort Meade 1985)
F.B. Schneider (Ed.): Trust in Cyberspace (National Academy Press, Washington 1998)
R. Shirey: RFC 4949 – Internet Security Glossary, Version 2 (IETF, 2007)
R. Anderson: Security Engineering: a Guide to Building Dependable Distributed Systems (John Wiley and Sons, Indianapolis 2008)
P.G. Neumann: Architectures and formal representations for secure systems, SRI Project 6401, Deliverable A002 (Computer Science Laboratory, SRI International, 1995)
U.S. Department of Defense: Glossary of Computer Security Terms (Aqua Book) (National Computer Security Center, Fort Meade 1990)
Trusted Computing Group: TCG glossary, available at https://www.trustedcomputinggroup.org/developers/glossary/
C.J. Mitchell: Trusted Computing (Institution of Engineering and Technology, 2005)
T. Jaeger, R. Sailer, X. Zhang: Analyzing integrity protection in the SELinux example policy, Proc. 12th USENIX Security Symposium, Washington (2003) pp. 59–74
P. Kuliniewicz: SENG: an enhanced policy language for SELinux, Proc. SELinux Symposium and Developer Summit, Baltimore (2006)
KernelTrap: SELinux vs. OpenBSD’s default security, available at http://kerneltrap.org/OpenBSD/SELinux_vs_OpenBSDs_Default_Security (2007)
J. Loftus: With RHEL 5, Red Hat goes to bat for SELinux, available at http://searchenterpriselinux.techtarget.com/news/article/0,289142,sid39_gci1259697,00.html (2007)
P.G. Neumann: Achieving principled assuredly trustworthy composable systems and networks, Proc. DISCEX, Washington (2003) pp. 182–187
The Fiasco: requirements definition, TU Dresden, Report TUD-FI98-12, available at http://os.inf.tu-dresden.de/paper_ps/fiasco-spec.ps.gz (December 1998)
DARPA: The composable high-assurance trustworthy systems (CHATS) project, http://www.csl.sri.com/users/neumann/chats.html (2004)
The European Multilaterally Secure Computing Base (EMSCB) project – towards trustworthy systems with open standards and trusted computing, http://www.emscb.de
D. Kuhlmann, R. Landfermann, H.V. Ramasamy, M. Schunter, G. Ramunno, D. Vernizzi: An open trusted computing architecture – secure virtual machines enabling user-defined policy enforcement, IBM Research Report RZ 3655 (2006)
H. Löhr, A. Sadeghi, C. Stüble, M. Weber, M. Winandy: Modeling trusted computing support in a protection profile for high assurance security kernels, Proc. TRUST-2009, Oxford (2009) pp. 45–62
BSI and Sirrix AG security technologies: Protection profile for a high-security kernel (HASK-PP), v. 1.14 (2008)
J.M. McCune, B. Parno, A. Perrig, M.K. Reiter, A. Seshadri: How low can you go? Recommendations for hardware-supported minimal TCB code execution, SIGARCH Comput. Archit. News 36(1), 14–25 (2008)
Trusted Computing Group: TCG specification architecture overview, Revision 1.4 (2007)
Intel: Intel trusted execution technology (TXT), Measured Launched Environment Developer’s Guide, Document Number: 315168-005 (2008)
AMD: AMD64 virtualization codenamed “Pacifica” technology, Secure Virtual Machine Architecture Reference Manual, Publication No. 33047, Revision 3.01 (2005)
AMD: AMD I/O virtualization technology (IOMMU) specification, Publication No. 34434, Revision 1.26 (2009)
D. Grawrock: Dynamics of a trusted platform (Intel Press, 2008)
Trusted Computing Group: TCG TPM main Part 1 design principles, Version 1.2 Level 2 Revision 103 (2007)
Trusted Computing Group: TCG TPM main Part 2 TPM structures, Version 1.2 Level 2 Revision 103 (2007)
Trusted Computing Group: TCG TPM main Part 3 commands, Version 1.2 Level 2 Revision 103 (2007)
J. Jonsson, B. Kaliski: RFC-3447 – PKCS #1: RSA cryptography standard, IETF (2002)
Trusted Computing Group: TCG PC client specific implementation specification for conventional BIOS, Version 1.2 Final Revision 1.00 (2005)
Trusted Computing Group: TCG PC client specific TPM interface specification (TIS), Version 1.2 Final Revision 1.00 (2005)
Trusted Computing Group: TCG Infrastructure Working Group (IWG) subject key attestation evidence extension, Version 1.0 Revision 7 (2005)
F. Armknecht, Y. Gasmi, A.R. Sadeghi, P. Stewin, M. Unger, G. Ramunno, D. Vernizzi: An efficient implementation of trusted channels based on OpenSSL, Proc. 3rd ACM workshop on Scalable Trusted Computing, Fairfax (2008) pp. 41–50
E. Brickell, J. Camenisch, L. Chen: Direct anonymous attestation, Proc. 11th ACM Conf. on Computer and Communications Security, Washington (2004) pp. 132–145
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Lioy, A., Ramunno, G. (2010). Trusted Computing. In: Stavroulakis, P., Stamp, M. (eds) Handbook of Information and Communication Security. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04117-4_32
DOI: https://doi.org/10.1007/978-3-642-04117-4_32
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04116-7
Online ISBN: 978-3-642-04117-4
eBook Packages: Engineering (R0)