ISBN: (print) 9781595931085
The Trusted Computing Group (TCG) is an industry consortium which has invested in the design of a small piece of hardware (roughly a smartcard), called a Trusted Platform Module (TPM), and associated APIs and protocols which are supposed to help increase the reliability of TPM-endowed computing platforms (trusted platforms). The TCG envisions that boot loaders, OSes and applications programs on trusted platforms will all collaborate in building a cryptographic hash chain which represents the current execution state of the platform, and which resides on the TPM. Remote sites can then verify that the platform in question is "in a trusted state" by requesting the TPM to produce a signed data blob containing the value of this hash chain, which can then be compared against a library of recognized ("trusted") values; this process is called remote attestation, and the whole picture is sometimes referred to as integrity-based computing (IBC).

We argue that there is a fundamental gap between the stated goals of the TCG's IBC and the central technology that is intended to achieve these goals, which gap is simply that remote attestation asks the attesting platform to answer the wrong question - the platform is not attesting to its security state, but rather to its execution state, and this underlies all of the troublesome use cases, as well as a number of the practical difficulties, of the TCG world-view. One response to this is to replace standard TCG attestation with property-based attestation (PBA), which places the emphasis on deriving security properties from (potentially) elaborate trust models and conditional statements of security property dependencies. Herein the central rôle for IBC of trust and deriving consequences from precise trust models becomes ***, we claim that the TCG's own remote attestation is most properly viewed in fact as a form of PBA, with a certain simple trust model and database of security properties. From this point of view, it becomes cl