Taming “Trusted Platforms” by Operating System Design

Sadeghi, Ahmad-Reza; Stüble, Christian

doi:10.1007/978-3-540-24591-9_22

Cited by 21 publications

(14 citation statements)

References 12 publications

(17 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This may happen until the adoption of next-generation computing platforms, like Palladium/ TCPA, that allow content providers to gain much power and control over the use of digital content and users private information (Sadeghi and Stuble, 2004).…”

Section: Useful Information For a Digital Investigationmentioning

confidence: 99%

Taking advantages of a disadvantage: Digital forensics and steganography using document metadata

Castiglione

Santis

Soriente

2007

Journal of Systems and Software

View full text Add to dashboard Cite

Section: Useful Information For a Digital Investigationmentioning

confidence: 99%

Taking advantages of a disadvantage: Digital forensics and steganography using document metadata

Castiglione

Santis

Soriente

2007

Journal of Systems and Software

View full text Add to dashboard Cite

“…Typically, on PC and serverbased platforms, Virtualization approaches [16], [4], [12], [15] are used to fulfill the isolation requirement of TCG-MPRA. Specifically, the operating system (OS), runtime environment, resources and applications of a domain are located in a dedicated virtual machine (VM) so that a virtual machine monitor (VMM) or hypervisor assures the isolation of individual domains.…”

Section: Background Informationmentioning

confidence: 99%

A Trusted Mobile Phone Prototype

Acıiçmez

Latifi

Seifert

et al. 2008

2008 5th IEEE Consumer Communications and Networking Conference

View full text Add to dashboard Cite

Abstract-Due to the increasing security demands in mobile devices, the Trusted Computing Group (TCG) formed a dedicated Mobile Phone Working Group (MPWG) to address these security needs. MPWG recently released a Trusted Mobile Phone Reference Architecture (TCG-MPRA) specification that integrates well-known security concepts (TPM, isolation, Integrity Measurement and Verification (IMV), etc.) from the trusted PC universe, tailored for mobile phones. The business needs of the mobile phone industry mandate 4 different stakeholders (platform owners): device manufacturer, cellular service provider, general service provider, and the end-user. The specification requires separate trusted and isolated operational domains (Trusted Engines) for each stakeholder. Although the TCG MPWG does not explicitly prescribe a specific technical realization of these trusted engines, a general consensus is use of established (Trusted) Virtualization concepts from corresponding PC architectures. However, we will demo another isolation technique specifically crafted for mobile platforms that respects their resource limitations. We achieve this goal by realizing the MPWG specification by leveraging SELinux which provides a generic domain isolation concept at the kernel level. In addition to utilizing SELinux to realize mobile phone specific (isolated) operational domains, we are also able to seamlessly integrate the important IMV concept into our SELinux-based Trusted Mobile Phone architecture. In our demo we will present a hardware prototype, representing a generic mobile phone, implementing the TCG MPWG specification. First, we will "Securely Boot" our TC-aware SELinux kernel out of a hardware Mobile Trusted Module (MTM). Next, we will show how easy and efficient we can realize the 4 isolated Trusted Engines. The value of the Trusted Engines and the fundamental IMV principle will be demonstrated through successful mitigation of two automatic Linux cell-phone worms. The prototype in this demo is in effect, the world's first novel, efficient and inherently secure implementation of MPWG specification.

show abstract

“…Some applications to P2P systems are discussed by Zhang et al [34,40]. Applications in other domains are discussed by several authors including [4,14,26,27,35,36,37].…”

Section: Trusted Computingmentioning

confidence: 99%

Secure information sharing enabled by Trusted Computing and PEI models

Sandhu

Ranganathan

Zhang

2006

Proceedings of the 2006 ACM Symposium on Information, Computer and Communications Security

View full text Add to dashboard Cite

The central goal of secure information sharing is to "share but protect" where the motivation to "protect" is to safeguard the sensitive content from unauthorized disclosure (in contrast to protecting the content to avoid loss of revenue as in retail Digital Rights Management). This elusive goal has been a major driver for information security for over three decades. Recently, the need for secure information sharing has dramatically increased with the explosion of the Internet and the convergence of outsourcing, offshoring and B2B collaboration in the commercial arena and the real-world demonstration of the tragic consequences of lack of information sharing in the national security arena. As technology has made the "share" aspect ever easier so has it increased the difficulty of enforcing the "protect" aspect. The central contribution of this paper is to show that the emergence of industrial strength Trusted Computing (TC) technology offers a range of novel solutions to the longstanding problem of secure information sharing. To this end we introduce a new framework of three layered models to analyze requirements and develop solutions, and demonstrate the application of this framework in context of TC and secure information sharing. The three layers are policy models (topmost), enforcement models (middle), and implementation models (bottom). Hence the name PEI models. At the policy model layer the secure information sharing space is divided into three categories called password based, device based, and credential based. For each of these policy categories various enforcement and implementation models can be developed. While we believe the PEI framework is relevant to security problems beyond secure information sharing, our goal in this paper is to demonstrate its application in this particular arena and identify questions for future research in this context. An essential benefit of PEI is that the three layers allow us to focus on the more important issues at a higher level of abstraction at the policy and enforcement layers, while leaving deep detail to the implementation layer. This paper focusses on the policy and enforcement layers with only passing mention of the implementation layer.

show abstract

Taming “Trusted Platforms” by Operating System Design

Cited by 21 publications

References 12 publications

Taking advantages of a disadvantage: Digital forensics and steganography using document metadata

Taking advantages of a disadvantage: Digital forensics and steganography using document metadata

A Trusted Mobile Phone Prototype

Secure information sharing enabled by Trusted Computing and PEI models

Contact Info

Product

Resources

About