An ongoing Game of Tetris: Integrating Trusted Computing in Java, block-by-block

  • Ronald Toegl
  • Martin Pirker

Abstract

Trusted Computing is a promising approach to improve the security of computer systems. However, current releases of the Java platform do not provide support to utilize the Trusted Platform Module (TPM). This paper presents several building-blocks that lead to the integration of TC into Java. It outlines the issues that arise with multiple TPM-virtualizations in the context of managed environments. Further, it summarizes the design and implementation of Java TC-libraries that support the major operating systems on TPM-enabled platforms, while still considering alternative architectures. The final aspect covered is the ongoing standardization process of a future Trusted Computing API for Java.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Stefan Berger, Ramón Càceres, Kenneth A. Goldman, Ronald Perez, Reiner Sailer, and Leendert van Doom. vTPM: virtualizing the trusted platform module. In USENIX-SS’06: Proceedings of the 15th conference on USENIX Security Symposium, pages 305–320, 2006.Google Scholar
  2. Stefan Berger, Ramón Cáceres, Dimitrios Pendarakis, Reiner Sailer, Enriquillo Valdez, Ronald Perez, Wayne Schildhauer, and Deepa Srinivasan. TVDc: managing security in the trusted virtual datacenter. SIGOPS Oper. Syst. Rev., 42(1):40–47, 2008.CrossRefGoogle Scholar
  3. Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauer, Ian Pratt, and Andrew Warfield. Xen and the art of virtualization. In SOSP ’03: Proceedings of the nineteenth ACM symposium on Operating systems principles, pages 164–177, New York, NY, USA, 2003. ACM.Google Scholar
  4. David Challener, Kent Yoder, Ryan Catherman, David Saffbrd, and Leendert Van Doom. A Practical Guide to Trusted Computing. Number ISBN-13: 978-0132398428. IBM Press, 1st edition, 2008.Google Scholar
  5. Kurt Dietrich, Martin Pirker, Tobias Vejda, Ronald Toegl, Thomas Winkler, and Peter Lipp. A practical approach for establishing trust relationships between remote platforms using trusted computing. In Gilles Barthe and Cedric Fournet, editors, Trustworthy Global Computing, volume 4912 of LNCS, pages 156–168. Springer Verlag, 2008.Google Scholar
  6. Paul England and Jork Loeser. Para-Virtualized TPM Sharing. In Proceedings of TRUST 2008, volume 4968 of LNCS. Springer Verlag, 2008.Google Scholar
  7. Tal Garfinkel, Ben Pfaff, Jim Chow, Mendel Rosenblum, and Dan Boneh. Terra: a virtual machine-based platform for trusted computing. In SOSP ’03: Proceedings of the nineteenth ACM symposium on Operating systems principles, pages 193–206, New York, NY, USA, 2003. ACM.Google Scholar
  8. Michael Hohmuth. The fiasco kernel: Requirements definition. Technical Report ISSN 143021IX, Dresden University of Technology, 1998.Google Scholar
  9. IBM Corp. TrouSerS an open-source tcg software stack implementation. http://trousers.sourceforge.net/, 2008.
  10. Dirk Kuhlmann, Rainer Landfermann, HariGovind V. Ramasamy, Matthias Schunter, Gianluca Ramunno, and Davide Vernizzi. An open trusted computing architecture — secure virtual machines enabling user-defined policy enforcement. Research Report RZ 3655, IBM Research, 2006.Google Scholar
  11. Microsoft. TPM Base Services. Microsoft Developer Network, 2007. http://msdn. microsoft.com/en-us/library/aa446796(VS.85).aspx.
  12. RSA Laboratories. PKCS #11 v2.20: Cryptographic Token Interface Standard. RSA Security Inc. Public-Key Cryptography Standards (PKCS), June 2004. ftp://ftp.rsasecurity.com/ pub/pkcs/pkcs-ll/v2-20/pkcs-llv2-20.pdf
  13. Frederic Stumpf, Michael Benz, Martin Hermanowski, and Claudia Eckert. An approach to a trustworthy system architecture using virtualization, 2007.Google Scholar
  14. L. Sarmenta, J. Rhodes, and T. Müller. TPM/J java-based api for the trusted platform module. http://projects.csail.mit.edu/tc/tpmj/, 2007.
  15. Marcel Selhorst, Christian Stueble, and Felix Teerkorn. TSS Study. Study on behalf of the german federal office for information security (bsi), Sirrix AG security technologies, May 2008. http://www.simx.com/content/pages/50590.htm.
  16. Luis Sarmenta, Marten van Dijk, Charles O’Donnell, Jonathan Rhodes, and Srinivas Devadas. Virtual monotonic counters and count-limited objects using a TPM without a trusted OS. In STC ’06: Proceedings of the first ACM workshop on Scalable trusted computing, number 1-59593-548-7, pages 27–42. ACM, 2006.Google Scholar
  17. Ronald Toegl et al. JSR 321: Trusted Computing API for Java. Java Community Process, 2008. http://jcp.org/en/jsr/detail?id=321.
  18. Trusted Computing Group. TCG Software Stack Specification, Version 1.2 Errata A. https://www.trust-edcomputinggroup.org/specs/TSS/.
  19. Tobias Vejda, Ronald Toegl, Martin Pirker, and Thomas Winkler. Towards Trust Services for Language-Based Virtual Machines for Grid Computing. In Proceedings of TRUST 2008, volume 4968 of LNCS. Springer Verlag, 2008.Google Scholar
  20. S. Yoshihama, S. Yoshihama, T. Ebringer, M. Nakamura, S. Munetoh, and H. Maruyama. WS-attesta-tion: efficient and fine-grained remote attestation on web services. In T. Ebringer, editor, Proc. IEEE International Conference on Web Services ICWS 2005, pages -750, 2005.Google Scholar

Copyright information

© Vieweg+Teubner | GWV Fachverlage GmbH 2009

Authors and Affiliations

  • Ronald Toegl
    • 1
  • Martin Pirker
    • 1
  1. 1.Institute for Applied Information Processing and Communications (IAIK)Graz University of TechnologyGrazAustria

Personalised recommendations