Synopses & Reviews
How can one trust computation taking place at a remote site, particularly if a party at that site might have motivation to subvert this trust? In recent years, industrial efforts have advanced the notion of a "trusted computing platform" as a building block. Through a conspiracy of hardware and software magic, these platforms attempt to solve this remote trust problem, to preserve various critical properties against various types of adversaries. However, these current efforts are just points on a larger continuum, which ranges from earlier work on secure coprocessor design and applications, through TCPA/TCG, to recent academic developments. Without wading through stacks of theses and research literature, the general computer science reader cannot see this big picture. Trusted Computing Platforms:Design and Applications fills this gap. Starting with early prototypes and proposed applications, this book surveys the longer history of amplifying small amounts of hardware security into broader system security---and reports real case study experience with security architecture and applications on multiple types of platforms. The author examines the theory, design, implementation of the IBM 4758 secure coprocessor platform and discusses real case study applications that exploit the unique capabilities of this platform. The author discusses how these foundations grow into newer industrial designs, and discusses alternate architectures and case studies of applications that this newer hardware can enable. The author closes with an examination of more recent cutting-edge experimental work in this area. Trusted Computing Platforms:Design and Applications is written for security architects, application designers, and the general computer scientist interested in the evolution and uses of this emerging technology.
From early prototypes and proposed applications, this book surveys the longer history of amplifying small amounts of hardware security into broader system security Including real case study experience with security architecture and applications on multiple types of platforms. Examines the theory, design, implementation of the IBM 4758 secure coprocessor platform and discusses real case study applications that exploit the unique capabilities of this platform. Examines more recent cutting-edge experimental work in this area. Written for security architects, application designers, and the general computer scientist interested in the evolution and use of this emerging technology.
About the Author
Sean Smith is currently on the faculty of the Department of Computer Science at Dartmouth College, serves as director of the Cyber Security and Trust Research Center at Dartmouth's Institute for Security Technology Studies, and also serves as Principal Investigator of the Dartmouth PKI Lab. His current research and teaching focus on how to build trustworthy systems in the real world. He previously worked as a scientist at IBM T.J. Watson Research Center, doing secure coprocessor design, implementation and validation; and at Los Alamos National Laboratory, doing security designs and analyses for a wide range of public-sector clients. Dr. Smith was educated at Princeton (B.A., Math) and Carnegie Mellon (M.S., Ph.D., Computer Science).
Table of Contents
1 Introduction. 1.1 Trust and Computing. 1.2 Instantiations. 1.3 Design and Applications. 1.4 Progression. 2 Motivating Scenarios. 2.1 Properties. 2.2 Basic Usage. 2.3 Examples of Basic Usage. 2.4 Position and Interest. 2.5 Examples of Positioning. 2.6 The Idealogical Debate. 2.7 Further Reading. 3 Attacks. 3.1 Physical Attacks. 3.2 Software Attacks. 3.3 Side-channel Analysis. 3.4 Undocumented Functionality. 3.5 Erasing Data. 3.6 System Context. 3.7 Defensive Strategy. 3.8 Further Reading. 4 Foundations. 4.1 Applications and Integration. 4.2 Architectures. 4.3 Booting. 4.4 The Defense Community. 4.5 Further Reading. 5 Design Challenges. 5.1 Context. 5.2 Obstacles. 5.3 Requirements. 5.4 Technology Decisions. 5.5 Further Reading. 6 Platform Architecture. 6.1 Overview. 6.2 Erasing Secrets. 6.3 The Source of Secrets. 6.4 Software Threats. 6.5 Code Integrity. 6.6 Code Loading. 6.7 Putting it All Together. 6.8 What's Next. 6.9 Further Reading. 7 Outbound Authentication. 7.1 Problem. 7.2 Theory. 7.3 Design and Implementation. 7.4 Further Reading. 8 Validation. 8.1 The Validation Process. 8.2 Validation Strategy. 8.3 Formalizing Security Properties. 8.4 Formal Verification. 8.5 Other Validation Tasks. 8.6 Reflection. 8.7 Further Reading. 9 Application Case Studies. 9.1 Basic Building Blocks. 9.2 Hardened Web Servers 9.3 Rights Management for Big Brother's Computer. 9.4 Private Information. 9.5 Other Projects. 9.6 Lessons Learned. 9.7 Further Reading. 10 TCPA/TCG. 10.1 Basic Structure. 10.2 Outbound Authentication. 10.3 Physical Attacks. 10.4 Applications. 10.5 Experimentation. 10.6 TPM 1.2 Changes. 10.7 Further Reading. 11 Experimenting with TCPA/TCG. 11.1 Desired Properties. 11.2 The Lifetime Mismatch. 11.3 Architecture. 11.4 Implementation Experience. 11.5 Application: Hardened Apache. 11.6 Application: OpenCA. 11.7 Application: Compartmented Attestation. 11.8 Further Reading. 12 New Horizons. 12.1 Privilege Architectures. 12.2 Hardware Research. 12.3 Software Research. 12.4 Current Industrial Platforms. 12.5 Looming Industry Platforms. 12.6 Secure Coprocessing Revisited. 12.7 Further Reading. Glossary. References. About the Author. Index.