Affiliation:
1. Politecnico di Torino, Italy
Abstract
Security controls (such as encryption endpoints, payment gateways, and firewalls) rely on correct program execution and secure storage of critical data (such as cryptographic keys and configuration files). Even when hardware security elements are used (e.g. cryptographic accelerators) software is still—in the form of drivers and libraries—critical for secure operations. This chapter introduces the features and foundations of Trusted Computing, an architecture that exploits the low-cost TPM chip to measure the integrity of a computing platform. This allows the detection of static unauthorized manipulation of binaries (be them OS components or applications) and configuration files, hence quickly detecting software attacks. For this purpose, Trusted Computing provides enhanced security controls, such as sealed keys (that can be accessed only by good applications when the system is in a safe state) and remote attestation (securely demonstrating the software state of a platform to a remote network verifier). Besides the theoretical foundation, the chapter also guides the reader towards creation of applications that enhance their security by using the features provided by the underlying PC-class trusted platform.
Reference34 articles.
1. Alam, M., Zhang, X., Nauman, M., Ali, T., & Seifert, J. (2008). Model-based behavioral attestation. In Proceedings of the 13th ACM Symposium on Access Control Models and Technologies, (pp. 175-184). ACM.
2. AMD. (2005). AMD64 virtualization codenamed ‘‘pacifica’’ technology. Publication No. 33047. Secure Virtual Machine Architecture Reference Manual, Revision 3.01.
3. Americas. (2008). Security and trust in mobile applications. Technical Report. Retrieved September 16, 2012, from http://www.gemalto.com/telecom/download/security_trust_in_mobile_applications.pdf
4. Armknecht, F., Gasmi, Y., Sadeghi, A.-R., Stewin, P., Unger, M., Ramunno, G., et al. (2008). An efficient implementation of trusted channels based on OpenSSL. In: Proceedings of the 3rd ACM Workshop on Scalable Trusted Computing, (pp. 41-50). ACM.
5. The Trusted Platform Agent