Skip to main content
SpringerLink
Log in
Book cover

International Conference on Trust and Trustworthy Computing

Trust 2010: Trust and Trustworthy Computing pp 265–272Cite as

Dynamic Enforcement of Platform Integrity

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNSC,volume 6101)

Abstract

Modern Trusted Computing platforms offer the basic hardware building blocks to allow effective enforcement of software integrity. In this paper we present a practical software system architecture which uses Intel’s late launch mechanism to boot a known-good configuration. We restrict the access to data and execution of services to trusted platform configurations, enforcing the integrity of contained applications as specified by the platform operator. Further, we also describe a set of operational procedures to allow flexible and dynamic configuration management. We present our prototype implementation which integrates well with established Linux distributions.

This is a preview of subscription content, access via your institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Advanced Micro Devices: AMD64 Virtualization: Secure Virtual Machine Architecture Reference Manual (May 2005)

    Google Scholar 

  2. Arbaugh, W.A., Farber, D.J., Smith, J.M.: A secure and reliable bootstrap architecture. In: Proceedings of the 1997 IEEE Symposium on Security and Privacy, vol. 65. IEEE Computer Society, Los Alamitos (1997)

    Google Scholar 

  3. Cáceres, R., Carter, C., Narayanaswami, C., Raghunath, M.: Reincarnating pcs with portable soulpads. In: Proceedings of the 3rd International Conference on Mobile Systems, Applications, and Services, pp. 65–78. ACM, Seattle (2005)

    CrossRef  Google Scholar 

  4. Gebhardt, C., Dalton, C.: Lala: a late launch application. In: Proceedings of the 2009 ACM Workshop on Scalable Trusted Computing, pp. 1–8. ACM, Chicago (2009)

    CrossRef  Google Scholar 

  5. Gebhardt, C., Tomlinson, A.: Secure Virtual Disk Images for Grid Computing. In: 3rd Asia-Pacific Trusted Infrastructure Technologies Conference (APTC 2008), October 2008. IEEE Computer Society, Los Alamitos (2008)

    Google Scholar 

  6. Grawrock, D.: Dynamics of a Trusted Platform: A Building Block Approach. No. ISBN 978-1934053171, Richard Bowles, Intel Press, Intel Corporation, 2111 NE 25th Avenue, JF3-330, Hillsboro, OR 97124-5961 (February 2009)

    Google Scholar 

  7. Intel Corporation: Intel active management technology (amt), http://www.intel.com/technology/platform-technology/intel-amt/index.htm

  8. Intel Corporation: Trusted Boot - an open source, pre- kernel/VMM module that uses Intel TXT to perform a measured and verified launch of an OS kernel/VMM (2008), http://sourceforge.net/projects/tboot/

  9. Intel Corporation: Intel Trusted Execution Technology Software Development Guide (December 2009), http://download.intel.com/technology/security/downloads/315168.pdf

  10. Kauer, B.: Oslo: improving the security of trusted computing. In: SS 2007: Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium, pp. 1–9. USENIX Association, Berkeley (2007)

    Google Scholar 

  11. Marchesini, J., Smith, S., Wild, O., MacDonald, R.: Experimenting with tcpa/tcg hardware, or: How i learned to stop worrying and love the bear. Tech. rep., Department of Computer Science/Dartmouth PKI Lab, Dartmouth College (2003)

    Google Scholar 

  12. McCune, J.M., Parno, B.J., Perrig, A., Reiter, M.K., Isozaki, H.: Flicker: an execution infrastructure for tcb minimization. In: Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008, pp. 315–328. ACM, Glasgow (2008)

    CrossRef  Google Scholar 

  13. Pirker, M., Toegl, R., Winkler, T., Vejda, T.: Trusted computing for the JavaTMplatform (2009), http://trustedjava.sourceforge.net/

  14. Pirker, M., Toegl, R.: Towards a virtual trusted platform. Journal of Universal Computer Science (2010) (in print), http://www.jucs.org/jucs_16_4/towards_a_virtual_trusted

  15. Safford, D., Kravitz, J., Doorn, L.v.: Take control of tcpa. Linux Journal (112), 2 (2003), http://domino.research.ibm.com/comm/research_projects.nsf/pages/gsal.TCG.html

    Google Scholar 

  16. Sailer, R., Zhang, X., Jaeger, T., van Doorn, L.: Design and implementation of a TCG-based integrity measurement architecture. In: Proceedings of the 13th USENIX Security Symposium. USENIX Association, San Diego (2004)

    Google Scholar 

  17. Shi, E., Perrig, A., Van Doorn, L.: Bind: a fine-grained attestation service for secure distributed systems. In: 2005 IEEE Symposium on Security and Privacy, pp. 154–168 (2005)

    Google Scholar 

  18. Trusted Computing Group: TCG TPM specification version 1.2 revision 103 (2007), https://www.trustedcomputinggroup.org/specs/TPM/

  19. Tygar, J., Yee, B.: Dyad: A system for using physically secure coprocessors. In: Technological Strategies for the Protection of Intellectual Property in the Networked Multimedia Environment, pp. 121–152. Interactive Multimedia Association (1994)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology, Inffeldgasse 16a, A–8010, Graz

    Martin Pirker, Ronald Toegl & Michael Gissing

Authors
  1. Martin Pirker
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ronald Toegl
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Michael Gissing
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Heinz College, Carnegie Mellon University, 5000 Forbes Avenue, HBH 2105C, 15213, Pittsburgh, PA, USA

    Alessandro Acquisti

  2. Department of Computer Science, 6211 Sudikoff Laboratory, Dartmouth College, 03755-3510, Hanover, NH, USA

    Sean W. Smith

  3. System Security Lab, Ruhr University Bochum, Universitätsstr. 150, 44780, Bochum, Germany

    Ahmad-Reza Sadeghi

Rights and permissions

Reprints and Permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Pirker, M., Toegl, R., Gissing, M. (2010). Dynamic Enforcement of Platform Integrity. In: Acquisti, A., Smith, S.W., Sadeghi, AR. (eds) Trust and Trustworthy Computing. Trust 2010. Lecture Notes in Computer Science, vol 6101. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13869-0_18

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-13869-0_18

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-13868-3

  • Online ISBN: 978-3-642-13869-0

  • eBook Packages: Computer ScienceComputer Science (R0)

search

Navigation