Taming “Trusted Platforms” by Operating System Design

  • Ahmad-Reza Sadeghi
  • Christian Stüble
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2908)


Experiences of the past have shown that common computing platforms lack security due to architectural problems and complexity. In this context, Microsoft Palladium (Pd) and TCPA are announced to be the next-generation computing platforms, and claimed to improve users’ security. However, people are concerned about those capabilities of TCPA/Pd that may allow content providers to gain too much power and control over the use of digital content and users’ private information.

In this paper, we argue that TCPA/Pd can increase the security of computing platforms by faithfully designing the operating system. Moreover, we discuss how interferences between digital rights management capabilities and end-user security can be prevented. Our results are based on the fact that even with TCPA/Pd platforms the operating system has enough control over the platform to prevent misuse by both content providers and end-users.

We argue that such a trustworthy operating system, one that is secure in the sense of multilateral security, can be developed without much effort by efficiently combining the ideas of security kernels with state-of-the-art operating system technology. We propose a new architecture for a trustworthy security platform that uses TCPA/Pd hardware features in conjunction with an open-source security kernel we have developed. Our security kernel provides backward compatibility with the Linux operating system. Its layered design and light weight allow easy migration to other hardware platforms such as PDAs, mobile phones, and embedded systems.





Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Ahmad-Reza Sadeghi (1)
  • Christian Stüble (2)
  1. Institute for Information and Communication Security, Ruhr-University Bochum, Bochum, Germany
  2. Security and Cryptography Group, Saarland University, Saarbrücken, Germany
