A practical property-based bootstrap architecture. Korthaus, R., Sadeghi, A. R., Stüble, C., & Zhan, J. In Proceedings of the ACM Workshop on Scalable Trusted Computing (STC), pages 29-38, 2009. ACM.
Binary attestation, as proposed by the Trusted Computing Group (TCG), is a pragmatic approach for software integrity protection and verification. However, it has also various shortcomings that cause problems for practical deployment such as scalability, manageability and privacy: On the one hand, data bound to binary values remain inaccessible after a software update and the verifier of an attestation result has to manage a huge number of binary versions. On the other hand, the binary values reveal information on platform configuration that may be exploited maliciously. In this paper we focus on property-based bootstrap architectures with an enhanced boot loader. Our proposal improves the previous work in a way that allows a practical and efficient integration into existing IT infrastructures. We propose a solution of the version rollback problem that, in contrast to the existing approaches, is secure even if the TPM owner of the attested platform is untrusted without requiring an interaction with a trusted third party. Finally, we show how our architecture can be applied to secure boot mechanisms of Mobile Trusted Modules (MTM) to realize a "Property-Based Secure Boot". This is especially important for human users, since with secure boot, users can rely on the fact that a loaded system is also in a trustworthy state.
@inProceedings{
 title = {A practical property-based bootstrap architecture},
 type = {inProceedings},
 year = {2009},
 keywords = {mtm,platform-configuration,pnt,pragmatic-approach,secure-computing,security,software-integrity,tcg,trust,trusted-computing},
 pages = {29-38},
 websites = {http://dx.doi.org/10.1145/1655108.1655114},
 publisher = {ACM},
 id = {1827cbbf-a78a-310d-a89a-efa54f3f5ed2},
 created = {2018-07-12T21:31:57.100Z},
 file_attached = {false},
 profile_id = {f954d000-ce94-3da6-bd26-b983145a920f},
 group_id = {b0b145a3-980e-3ad7-a16f-c93918c606ed},
 last_modified = {2018-07-12T21:31:57.100Z},
 read = {false},
 starred = {false},
 authored = {false},
 confirmed = {true},
 hidden = {false},
 citation_key = {korthaus:stc2009},
 source_type = {inproceedings},
 private_publication = {false},
 abstract = {Binary attestation, as proposed by the Trusted Computing Group (TCG), is a pragmatic approach for software integrity protection and verification. However, it has also various shortcomings that cause problems for practical deployment such as scalability, manageability and privacy: On the one hand, data bound to binary values remain inaccessible after a software update and the verifier of an attestation result has to manage a huge number of binary versions. On the other hand, the binary values reveal information on platform configuration that may be exploited maliciously. In this paper we focus on property-based bootstrap architectures with an enhanced boot loader. Our proposal improves the previous work in a way that allows a practical and efficient integration into existing IT infrastructures. We propose a solution of the version rollback problem that, in contrast to the existing approaches, is secure even if the TPM owner of the attested platform is untrusted without requiring an interaction with a trusted third party. Finally, we show how our architecture can be applied to secure boot mechanisms of Mobile Trusted Modules (MTM) to realize a "Property-Based Secure Boot". This is especially important for human users, since with secure boot, users can rely on the fact that a loaded system is also in a trustworthy state.},
 bibtype = {inProceedings},
 author = {Korthaus, René and Sadeghi, Ahmad R and Stüble, Christian and Zhan, Jing},
 booktitle = {Proceedings of the ACM Workshop on Scalable Trusted Computing (STC)}
}
