Feasibility study of dynamic Trusted Platform Module

Abstract

A Trusted Platform Module (TPM) authenticates general purpose computing platforms. This is done by taking platform integrity measurement and comparing it with a precomputed value at boot-time. Existing TPM architectures do not support run-time integrity checking of a program on the platform. Attackers can modify the program after it has been verified at the Time Of Check (TOC) and before its Time Of Use (TOU). In this paper we study the feasibility of integrating a dynamic on-chip TPM (DTPM) into the core processor pipeline to protect against TOCTOU attacks. We explore the challenges involved in designing DTPM and describe techniques to improve its performance. The proposed DTPM has 2.5% area overhead and 18% performance impact when compared to a single processor core without DTPM.