Trusted Computing: Evolution and Direction

Trusted Computing: Evolution and Direction

Jeff Teo (Montreat College, USA)
DOI: 10.4018/978-1-60566-326-5.ch017
OnDemand PDF Download:
$37.50

Abstract

Computer attacks of all sorts are commonplace in today’s interconnected, globalized society. A computer worm, written and released in one part of the world, can now traverse cyberspace in mere minutes creating havoc and untold financial hardship and loss. To effectively combat such threats and other novel and sophisticated assaults, our network defenses must be equipped to thwart such attacks. Yet, our software-dominated defenses are woefully inadequate (Bellovin, 2001). The Trusted Computing Group (TCG) has embarked on a mission to use an open standards-based interoperability framework utilizing both hardware and software implementations to defend against computer attacks. Specifically, the TCG uses a trusted hardware called the trusted platform module (TPM) in conjunction with TPM-enhanced software to provide better protection against such attacks. While millions of TPMs have been shipped with more expected annually, adoption of trusted computing technology enabled by the devices has been slow, despite escalating security infractions. This chapter will detail a brief history of trusted computing (TC), the goals of the TCG, and the workings of trusted platforms. The chapter will also look into how the TPM enables roots of trust to afford improved trust and security.
Chapter Preview
Top

Introduction

Viruses, unauthorized access, loss of data due to laptop theft, and other computer attacks are common and escalating occurrences in today’s open computing platforms. As a result of these invasions, users and companies worldwide have suffered untold losses and negative publicity, and incurred tremendous costs (CSI/FBI, 2004; Deloitte, 2004; CSI/FBI, 2005; Deloitte, 2005; CSI/FBI, 2006; Deloitte, 2006; CSI 2007; Deloitte, 2007). Until recently, the Information Technology (IT) industry’s predominant approach to solving security problems was to develop more software-based solutions, even though “most security problems are caused by buggy software” (Bellovin, 2001, p. 131). Because the industry ignored the benefits that hardware implementation could bring (Neumann, 2003), the rampant computer attacks continued unabated.

In response, a group of leading technology companies including IBM, Microsoft, Hewlett Packard (HP), Intel and others formed the Trusted Computing Group (TCG). TCG is working to improve trust and security in today’s open computing platforms by utilizing both hardware and software based solutions. They favor vendor neutral, open standards based interoperability frameworks that operate across multiple platforms. TCG is incorporating hardware with a trusted platform module (TPM). This low-cost hardware device has several built-in features that will improve security and trust in today’s networked platforms. Beginning in 2006, 50 million TPM-equipped computers were shipped around the world, and TCG is aiming for even wider deployment across all computing platforms with an additional 250 million TPMs to be shipped by 2010 (TCG, 2005). Through this new framework, TCG hopes to enable all computing services to be performed in a more secure and reliable manner.

Even though millions of these TPMs have been embedded in today’s enterprise laptops and desktops, widespread adoption of this technology remains slow. What is hindering TPM adoption? Will TCG’s vision for improved computer security be realized so that the global community can operate more freely and safely in cyberspace? Can critical information, information systems, and networks be reliably and robustly protected? This chapter will address these questions by examining the concept of trust and the history of trusted computing, and providing an overview of the nature and functionality of trusted computing, trusted platforms, trusted platform module and related issues.

Complete Chapter List

Search this Book:
Reset
Editorial Advisory Board
Table of Contents
Foreword
Merrill Warkentin
Preface
Kenneth J. Knapp
Acknowledgment
Kenneth J. Knapp
Chapter 1
Jaziar Radianti, Jose J. Gonzalez
This chapter discusses the possible growth of black markets (BMs) for software vulnerabilities and factors affecting their spread. It is difficult... Sample PDF
Dynamic Modeling of the Cyber Security Threat Problem: The Black Market for Vulnerabilities
$37.50
Chapter 2
Somak Bhattacharya, Samresh Malhotra, S. K. Ghosh
As networks continue to grow in size and complexity, automatic assessment of the security vulnerability becomes increasingly important. The typical... Sample PDF
An Attack Graph Based Approach for Threat Identification of an Enterprise Network
$37.50
Chapter 3
Robert F. Mills, Gilbert L. Peterson, Michael R. Grimaila
The purpose of this chapter is to introduce the insider threat and discuss methods for preventing, detecting, and responding to the threat. Trusted... Sample PDF
Insider Threat Prevention, Detection and Mitigation
$37.50
Chapter 4
Richard T. Gordon, Allison S. Gehrke
This chapter describes a methodology for assessing security infrastructure effectiveness utilizing formal mathematical models. The goal of this... Sample PDF
An Autocorrelation Methodology for the Assessment of Security Assurance
$37.50
Chapter 5
Ken Webb
This chapter results from a qualitative research study finding that a heightened risk for management has emerged from a new security environment... Sample PDF
Security Implications for Management from the Onset of Information Terrorism
$37.50
Chapter 6
Yves Barlette, Vladislav V. Fomin
This chapter introduces major information security management methods and standards, and particularly ISO/IEC 27001 and 27002 standards. A... Sample PDF
The Adoption of Information Security Management Standards: A Literature Review
$37.50
Chapter 7
Peter R. Marksteiner
Information overload is an increasingly familiar phenomenon, but evolving United States military doctrine provides a new analytical approach and a... Sample PDF
Data Smog, Techno Creep and the Hobbling of the Cognitive Dimension
$37.50
Chapter 8
John W. Bagby
The public expects that technologies used in electronic commerce and government will enhance security while preserving privacy. These expectations... Sample PDF
Balancing the Public Policy Drivers in the Tension between Privacy and Security
$37.50
Chapter 9
Indira R. Guzman, Kathryn Stam, Shaveta Hans, Carole Angolano
The goal of our study is to contribute to a better understanding of role conflict, skill expectations, and the value of information technology (IT)... Sample PDF
Human Factors in Security: The Role of Information Security Professionals within Organizations
$37.50
Chapter 10
Nikolaos Bekatoros HN, Jack L. Koons III, Mark E. Nissen
The US Government is moving apace to develop doctrines and capabilities that will allow the Department of Defense (DoD) to exploit Cyberspace for... Sample PDF
Diagnosing Misfits, Inducing Requirements, and Delineating Transformations within Computer Network Operations Organizations
$37.50
Chapter 11
Rodger Jamieson, Stephen Smith, Greg Stephens, Donald Winchester
This chapter outlines components of a strategy for government and a conceptual identity fraud enterprise management framework for organizations to... Sample PDF
An Approach to Managing Identity Fraud
$37.50
Chapter 12
Alanah Davis, Gert-Jan de Vreede, Leah R. Pietron
This chapter presents a repeatable collaboration process as an approach for developing a comprehensive Incident Response Plan for an organization or... Sample PDF
A Repeatable Collaboration Process for Incident Response Planning
$37.50
Chapter 13
Dean A. Jones, Linda K Nozick, Mark A. Turnquist, William J. Sawaya
A pandemic influenza outbreak could cause serious disruption to operations of several critical infrastructures as a result of worker absenteeism.... Sample PDF
Pandemic Influenza, Worker Absenteeism and Impacts on Critical Infrastructures: Freight Transportation as an Illustration
$37.50
Chapter 14
Preeti Singh, Pranav Singh, Insu Park, JinKyu Lee
We live in a digital era where the global community relies on Information Systems to conduct all kinds of operations, including averting or... Sample PDF
Information Sharing: A Study of Information Attributes and their Relative Significance During Catastrophic Events
$37.50
Chapter 15
Gregory B. White, Mark L. Huson
The protection of cyberspace is essential to ensure that the critical infrastructures a nation relies on are not corrupted or disrupted. Government... Sample PDF
An Overview of the Community Cyber Security Maturity Model
$37.50
Chapter 16
Doug White, Alan Rea
In this chapter the authors present essential server security components and develop a set of logical steps to build hardened servers. The authors... Sample PDF
Server Hardening Model Development: A Methodology-Based Approach to Increased System Security
$37.50
Chapter 17
Jeff Teo
Computer attacks of all sorts are commonplace in today’s interconnected, globalized society. A computer worm, written and released in one part of... Sample PDF
Trusted Computing: Evolution and Direction
$37.50
Chapter 18
Miguel Jose Hernandez y Lopez, Carlos Francisco Lerma Resendez
This chapter discusses the basic aspects of Honeypots, how they are implemented in modern computer networks, as well as their practical uses and... Sample PDF
Introduction, Classification and Implementation of Honeypots
$37.50
About the Contributors