Secure bootstrap is not enough: shoring up the trusted computing base

Authors:
James Hendricks;Leendert van Doorn
Affiliations:
Carnegie Mellon University, Pittsburgh, PA;IBM T.J. Watson Research Center, Hawthorne, NY
Venue:
Proceedings of the 11th workshop on ACM SIGOPS European workshop
Year:
2004

Citing 6
Cited 5

Architectural support for copy and tamper resistant software

ASPLOS IX Proceedings of the ninth international conference on Architectural support for programming languages and operating systems
AEGIS: architecture for tamper-evident and tamper-resistant processing

ICS '03 Proceedings of the 17th annual international conference on Supercomputing
A Trusted Open Platform

Computer
A secure and reliable bootstrap architecture

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Metadata Efficiency in Versioning File Systems

FAST '03 Proceedings of the 2nd USENIX Conference on File and Storage Technologies
Design and implementation of a TCG-based integrity measurement architecture

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13

Attacking the BitLocker Boot Process

Trust '09 Proceedings of the 2nd International Conference on Trusted Computing
NetQuery: a knowledge plane for reasoning about network properties

Proceedings of the ACM SIGCOMM 2011 conference
Trusted firmware services based on TPM

INTRUST'09 Proceedings of the First international conference on Trusted Systems
Operating system support for redundant multithreading

Proceedings of the tenth ACM international conference on Embedded software
On device authentication in wireless networks: present issues and future challenges

TrustBus'07 Proceedings of the 4th international conference on Trust, Privacy and Security in Digital Business

Quantified Score

Hi-index	0.00

Visualization

Abstract

We propose augmenting secure boot with a mechanism to protect against compromises to field-upgradeable devices. In particular, secure boot standards should verify the firmware of all devices in the computer, not just devices that are accessible by the host CPU. Modern computers contain many autonomous processing elements, such as disk controllers, disks, network adapters, and coprocessors, that all have field-upgradeable firmware and are an essential component of the computer system's trust model. Ignoring these devices opens the system to attacks similar to those secure boot was engineered to defeat.