Building a Trusted Environment for Security Applications

Building a Trusted Environment for Security Applications

Giovanni Cabiddu (Politecnico di Torino, Italy), Antonio Lioy (Politecnico di Torino, Italy) and Gianluca Ramunno (Politecnico di Torino, Italy)
DOI: 10.4018/978-1-4666-4030-6.ch014
OnDemand PDF Download:
$37.50

Abstract

Security controls (such as encryption endpoints, payment gateways, and firewalls) rely on correct program execution and secure storage of critical data (such as cryptographic keys and configuration files). Even when hardware security elements are used (e.g. cryptographic accelerators) software is still—in the form of drivers and libraries—critical for secure operations. This chapter introduces the features and foundations of Trusted Computing, an architecture that exploits the low-cost TPM chip to measure the integrity of a computing platform. This allows the detection of static unauthorized manipulation of binaries (be them OS components or applications) and configuration files, hence quickly detecting software attacks. For this purpose, Trusted Computing provides enhanced security controls, such as sealed keys (that can be accessed only by good applications when the system is in a safe state) and remote attestation (securely demonstrating the software state of a platform to a remote network verifier). Besides the theoretical foundation, the chapter also guides the reader towards creation of applications that enhance their security by using the features provided by the underlying PC-class trusted platform.
Chapter Preview
Top

Trusted Computing

Computer security is normally associated to the concepts of data confidentiality and integrity and system availability. We rarely think of security as related to trust, but for special cases (e.g. when we talk of a trusted third-party in specific protocols, such as Kerberos). However all solutions to provide security rely on some software not being altered, being executed in the proper way, and behaving as expected: these three elements can be collectively associated to the word “trust.”

In social science, trust is a personal and fuzzy concept, but in the computer world, we are interested in a clear definition and exact quantitative evaluation. The Internet Security Glossary (Shirey, 2007) provides the following definitions:

Complete Chapter List

Search this Book:
Reset