Options for Securing PCs Against Phishing and Espionage: A Report from the EU-Project “Open Trusted Computing”
Private and business PC users will continue to experience attacks from viruses and Trojan horses. The latter might, e.g., eavesdrop on banking passwords or send confidential business data to a criminal. It is very difficult to provide protection from such attacks on private information within the current operating systems. Novel approaches to securing such data outside the user’s main operating system, using virtualization techniques, are presented here. The transparency and trustworthiness of such approaches are, however, by no means guaranteed. In order to protect users, the development of such approaches could be monitored and influenced at the political level, e.g. by governments procuring such systems.
Keywords: Trojan Horse, Trust Platform Module, Malicious Code, Trust Computing, Virtual Machine Monitor
We wish to express our thanks to Dirk Kuhlmann, Armand Puccetti and Matthias Schunter and to all OpenTC-partners: Technikon Forschungs- und Planungsgesellschaft mbH (project coordination, AT); Hewlett-Packard Ltd (technical leader, UK); AMD Saxony LLC & Co. KG (DE); Budapest University of Technology and Economics (HU); Commissariat à l’Energie Atomique – LIST (FR); COMNEON GmbH (DE); Forschungszentrum Karlsruhe GmbH – ITAS (DE); Horst Goertz Institute for IT Security, Ruhr-Universitaet Bochum (DE); IBM Research GmbH (CH); Infineon Technologies AG (DE); INTEK Closed Joint Stock Company (RU); ISECOM (ES); Katholieke Universiteit Leuven (BE); Politecnico di Torino (IT); Portakal Teknoloji (TR); Royal Holloway, University of London (UK); SUSE Linux Products GmbH (DE); Technische Universitaet Dresden (DE); Technische Universitaet Graz (AT); Technische Universitaet Muenchen (DE); Technical University of Sofia (BR); TUBITAK – UEKAE (TR); and University of Cambridge (UK).