Outbound Authentication for Programmable Secure Coprocessors
ESORICS '02 Proceedings of the 7th European Symposium on Research in Computer Security
A secure and reliable bootstrap architecture
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Open-Source Applications of TCPA Hardware
ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
Property-based attestation for computing platforms: caring about properties, not mechanisms
NSPW '04 Proceedings of the 2004 workshop on New security paradigms
A protocol for property-based attestation
Proceedings of the first ACM workshop on Scalable trusted computing
Semantic remote attestation: a virtual machine directed approach to trusted computing
VM'04 Proceedings of the 3rd conference on Virtual Machine Research And Technology Symposium - Volume 3
Realizing property-based attestation and sealing with commonly available hard- and software
Proceedings of the 2007 ACM workshop on Scalable trusted computing
Model-based behavioral attestation
Proceedings of the 13th ACM symposium on Access control models and technologies
Extending IPsec for efficient remote attestation
FC'10 Proceedings of the 14th international conference on Financial cryptograpy and data security
Practical property-based attestation on mobile devices
TRUST'11 Proceedings of the 4th international conference on Trust and trustworthy computing
Usage control enforcement - a survey
ARES'11 Proceedings of the IFIP WG 8.4/8.9 international cross domain conference on Availability, reliability and security for business, enterprise and health information systems
Plug-n-trust: practical trusted sensing for mhealth
Proceedings of the 10th international conference on Mobile systems, applications, and services
Hi-index | 0.00 |
Binary attestation, as proposed by the Trusted Computing Group (TCG), is a pragmatic approach for software integrity protection and verification. However, it has also various shortcomings that cause problems for practical deployment such as scalability, manageability and privacy: On the one hand, data bound to binary values remain inaccessible after a software update and the verifier of an attestation result has to manage a huge number of binary versions. On the other hand, the binary values reveal information on platform configuration that may be exploited maliciously. In this paper we focus on property-based bootstrap architectures with an enhanced boot loader. Our proposal improves the previous work in a way that allows a practical and efficient integration into existing IT infrastructures. We propose a solution of the version rollback problem that, in contrast to the existing approaches, is secure even if the TPM owner of the attested platform is untrusted without requiring an interaction with a trusted third party. Finally, we show how our architecture can be applied to secure boot mechanisms of Mobile Trusted Modules (MTM) to realize a "Property-Based Secure Boot". This is especially important for human users, since with secure boot, users can rely on the fact that a loaded system is also in a trustworthy state.