A practical property-based bootstrap architecture
René Korthaus, A. Sadeghi, Christian Stüble, Jing Zhan
Scalable Trusted Computing, published 2009-11-13
DOI: https://doi.org/10.1145/1655108.1655114
Binary attestation, as proposed by the Trusted Computing Group (TCG), is a pragmatic approach for software integrity protection and verification. However, it also has various shortcomings that cause problems for practical deployment, such as scalability, manageability and privacy: on the one hand, data bound to binary values remain inaccessible after a software update, and the verifier of an attestation result has to manage a huge number of binary versions. On the other hand, the binary values reveal information on platform configuration that may be exploited maliciously.
In this paper we focus on property-based bootstrap architectures with an enhanced boot loader. Our proposal improves the previous work in a way that allows a practical and efficient integration into existing IT infrastructures. We propose a solution to the version rollback problem that, in contrast to the existing approaches, is secure even if the TPM owner of the attested platform is untrusted, without requiring an interaction with a trusted third party.
Finally, we show how our architecture can be applied to secure boot mechanisms of Mobile Trusted Modules (MTM) to realize a "Property-Based Secure Boot". This is especially important for human users, since with secure boot, users can rely on the fact that a loaded system is also in a trustworthy state.