Open-Source Applications of TCPA Hardware

Marchesini, John; Smith, Sean W.; Wild, Omen; Stabiner, Josh; Barsamian, A.

doi:10.1109/csac.2004.25

Cited by 60 publications

(40 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Unlike the first task (e.g., [14,15,16]) and the third task (e.g., [17,18,19,20]), the second task has, until now, not been addressed in detail. Although protocols have been developed, those published are in the form of programming language-dependent and TPM library-dependent source code, without any security analysis.…”

Section: Related Workmentioning

confidence: 99%

Securing the Distribution and Storage of Secrets with Trusted Platform Modules

Sevinç

Strasser

Basin

2007

Information Security Theory and Practices. Smart Cards, Mobile and Ubiquitous Computing Systems

View full text Add to dashboard Cite

show abstract

Section: Related Workmentioning

confidence: 99%

Securing the Distribution and Storage of Secrets with Trusted Platform Modules

Sevinç

Strasser

Basin

2007

Information Security Theory and Practices. Smart Cards, Mobile and Ubiquitous Computing Systems

View full text Add to dashboard Cite

show abstract

“…For example, the superuser can use a debugger to read the memory location where the secret is loaded after it is released from the TPM. To solve this problem, Marchesini et al, in their later work [20] added Security Enhanced Linux (SELinux) to the Enforcer to provide software compartments to limit the superuser. SELinux [26,27] is a Flask-based operating system that offers mandatory role-based access control.…”

Section: Adding Selinuxmentioning

confidence: 99%

“…This project builds on our previous Enforcer Linux and SELinux projects [19,20,21], and uses the 1.1b TPM from the Trusted Computing Group (TCG) (formerly the Trusted Computing Platform Alliance, TCPA) [22,23].…”

Section: Our Solutionmentioning

confidence: 99%

Preventing theft of quality of service on open platforms

Baek

Smith

Workshop of the 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks, 2005.

Self Cite

View full text Add to dashboard Cite

show abstract

“…Marchesini et al [15] use OS hardening to create "software compartments" which are isolated from each other and cannot be accessed by a "root spy". Based thereon, their design provides "compartmentalized attestation", i.e.…”

Section: Related Workmentioning

confidence: 99%

Enabling Fairer Digital Rights Management with Trusted Computing

Sadeghi

Wolf

Stüble³

et al.

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Today, digital content is routinely distributed over the Internet, and consumed in devices based on open platforms. However, on open platforms users can run exploits, reconfigure the underlying operating system or simply mount replay attacks since the state of any (persistent) storage can easily be reset to some prior state. Faced with this difficulty, existing approaches to Digital Rights Management (DRM) are mainly based on preventing the copying of protected content thus protecting the needs of content providers. These inflexible mechanisms are not tenable in the long term since their restrictiveness prevents reasonable usage scenarios, and even honest users may be tempted to circumvent DRM systems. In this paper we present a security architecture and the corresponding reference implementation that enables the secure usage and transfer of stateful licenses (and content) on a virtualized open platform. Our architecture allows for openness while protecting security objectives of both users (flexibility, fairer usage, and privacy) and content providers (license enforcement). In particular, it prevents replay attacks that is fundamental for secure management and distribution of stateful licenses. Our main objective is to show the feasibility of secure and fairer distribution and sharing of content and rights among different devices. Our implementation combines virtualization technology, a small security kernel, trusted computing functionality, and a legacy operating system (currently Linux). Keywords. Trusted Computing, security architectures, stateful licenses⋆ Full version appears as a technical report HGI-TR-2007-002 in [24]. MotivationTimo was about to board a train home when he noticed an advertisement for a wireless kiosk selling the first album from a new band. He took out his music phone, connected the kiosk which was already visible in his music gallery application, and with a few clicks downloaded a preview copy of the lead song in the album. While on board the train, Timo listened to the song and liked it so much that he listened to it once more. When he tried to listen a third time, the phone told him that he had finished the free previews, but can buy a full license. He bought the full license with a few more clicks and could listen to the song with no constraints. When he got home, he transferred the song to his home stereo system. When Anna visited Timo, he played the new song to her. She wanted a copy of her own. Timo used the remote control of his stereo system to lend a copy to Anna's music phone for a week. Timo's copy of the song remained disabled for a week while Anna was enjoying the song.This and other similar scenarios for trading and using digital goods involve policies whose enforcement requires the enforcement mechanism to securely maintain state information about past usage or environmental factors. They can be enforced by using stateful licenses. Some e-business applications already deploy such (mostly proprietary) stateful licences to sell certain digital goods (online vide...

show abstract

Open-Source Applications of TCPA Hardware

Abstract: Abstract

Cited by 60 publications

References 13 publications

Securing the Distribution and Storage of Secrets with Trusted Platform Modules

Securing the Distribution and Storage of Secrets with Trusted Platform Modules

Preventing theft of quality of service on open platforms

Enabling Fairer Digital Rights Management with Trusted Computing

Contact Info

Product

Resources

About